ShieldCraft AI Pricing

Compare tiers to preview scope, run-rate and the services each IaC template implements.

Starter

Launch GuardDuty-backed telemetry, ingestion, and curated storage.

Fastest time-to-value

ShieldCraft runs Airbyte on ECS to sync SaaS, ticketing, and telemetry sources into the lake with containerized connectors.

EventBridge

ShieldCraft broadcasts normalized detections and lifecycle signals on EventBridge so ingest pipelines, automations, and analytics stay loosely coupled.

ShieldCraft persists landing, curated, and feature data in S3 with versioning, encryption by default, and lifecycle tuning per tier.

Glue

ShieldCraft runs Glue jobs and crawlers to structure lake zones, publish the catalog, and hydrate feature stores from raw feeds.

IAM

ShieldCraft provisions scoped IAM roles, boundary policies, and federation hooks to maintain least-privilege workloads.

Lake Formation

ShieldCraft applies Lake Formation grants to enforce persona-based access paths while keeping governance auditable.

Lambda

ShieldCraft deploys Lambda workers for connectors, lightweight transforms, and near-real-time automations triggered from events or APIs.

Security Hub

ShieldCraft consolidates posture checks and curated detections in Security Hub to drive scoring, suppression, and compliance evidence.

Step Functions

ShieldCraft choreographs remediation, data, and ML pipelines as Step Functions state machines, micro-batching ingestion events to keep inference latency tight and costs predictable.

Cloud Native Hardening

ShieldCraft applies hardened baselines and Well-Architected controls through reusable infrastructure modules.

Growth

Scale data plane, ML ops, and cross-account automations.

$1 085View infrastructure

Scale telemetry & automation

Airbyte (ECS)

$120

ShieldCraft runs Airbyte on ECS to sync SaaS, ticketing, and telemetry sources into the lake with containerized connectors.

EventBridge

$10

ShieldCraft broadcasts normalized detections and lifecycle signals on EventBridge so ingest pipelines, automations, and analytics stay loosely coupled.

MSK

$548

ShieldCraft streams high-volume telemetry through MSK for durable replay, feature backfills, and cross-account consumers.

OpenSearch Service

$62

ShieldCraft indexes enriched findings and behavioral baselines in OpenSearch to power threat hunts, dashboards, and analyst search.

$36

ShieldCraft persists landing, curated, and feature data in S3 with versioning, encryption by default, and lifecycle tuning per tier.

SageMaker

$90

ShieldCraft trains, evaluates, and serves detection plus generative models on SageMaker pipelines with managed endpoints.

Glue

$45

ShieldCraft runs Glue jobs and crawlers to structure lake zones, publish the catalog, and hydrate feature stores from raw feeds.

IAM

ShieldCraft provisions scoped IAM roles, boundary policies, and federation hooks to maintain least-privilege workloads.

Lake Formation

ShieldCraft applies Lake Formation grants to enforce persona-based access paths while keeping governance auditable.

Lambda

$25

ShieldCraft deploys Lambda workers for connectors, lightweight transforms, and near-real-time automations triggered from events or APIs.

Security Hub

$25

ShieldCraft consolidates posture checks and curated detections in Security Hub to drive scoring, suppression, and compliance evidence.

Step Functions

$20

ShieldCraft choreographs remediation, data, and ML pipelines as Step Functions state machines, micro-batching ingestion events to keep inference latency tight and costs predictable.

Cloud Native Hardening

$30

ShieldCraft applies hardened baselines and Well-Architected controls through reusable infrastructure modules.

Enterprise

Operate with global guardrails, auto-scaling compute, and proactive defenses.

$5 460View infrastructure

Global resilience & compliance

Airbyte (ECS)

$360

ShieldCraft runs Airbyte on ECS to sync SaaS, ticketing, and telemetry sources into the lake with containerized connectors.

Detective

ShieldCraft pivots GuardDuty findings and CloudTrail trails into Detective to accelerate graph-based investigations and root-cause analysis.

EventBridge

$100

ShieldCraft broadcasts normalized detections and lifecycle signals on EventBridge so ingest pipelines, automations, and analytics stay loosely coupled.

Inspector

ShieldCraft automates Inspector agent assessments and ECR/CWPP scans on every deployment cycle to surface drift or CVEs.

MSK

$1 971

ShieldCraft streams high-volume telemetry through MSK for durable replay, feature backfills, and cross-account consumers.

OpenSearch Service

$939

ShieldCraft indexes enriched findings and behavioral baselines in OpenSearch to power threat hunts, dashboards, and analyst search.

$105

ShieldCraft persists landing, curated, and feature data in S3 with versioning, encryption by default, and lifecycle tuning per tier.

SageMaker

$805

ShieldCraft trains, evaluates, and serves detection plus generative models on SageMaker pipelines with managed endpoints.

Attack Simulation

ShieldCraft executes AWS FIS-based attack simulations to validate coverage, runbooks, and blast-radius assumptions.

Artifact

ShieldCraft curates compliance evidence and AWS Artifact audit packages so GRC teams can respond to questionnaires instantly.

Budgets

ShieldCraft wires Budgets alerts into FinOps dashboards and runbooks to enforce per-tier spend guardrails.

CodePipeline

ShieldCraft’s landing zone and model updates flow through CodePipeline with security gating, canary deploys, and manual approvals.

Config

ShieldCraft runs Config conformance packs and custom rules to spot drift, feeding governance dashboards and auto-remediation.

Control Tower

ShieldCraft integrates with Control Tower guardrails and account vending to align environments with enterprise landing zones.

Glue

$180

ShieldCraft runs Glue jobs and crawlers to structure lake zones, publish the catalog, and hydrate feature stores from raw feeds.

IAM

ShieldCraft provisions scoped IAM roles, boundary policies, and federation hooks to maintain least-privilege workloads.

IAM Identity Center

ShieldCraft centralizes workforce access through Identity Center, mapping your IdP groups into least-privilege permission sets across accounts.

Lake Formation

$50

ShieldCraft applies Lake Formation grants to enforce persona-based access paths while keeping governance auditable.

Lambda

$200

ShieldCraft deploys Lambda workers for connectors, lightweight transforms, and near-real-time automations triggered from events or APIs.

Secrets Manager

ShieldCraft rotates connector credentials, inference keys, and shared secrets in Secrets Manager with full audit trails.

Security Hub

$200

ShieldCraft consolidates posture checks and curated detections in Security Hub to drive scoring, suppression, and compliance evidence.

Shield Advanced

ShieldCraft leans on Shield Advanced for managed DDoS detection, telemetry, and rapid escalation into the global SOC.

Step Functions

$200

ShieldCraft choreographs remediation, data, and ML pipelines as Step Functions state machines, micro-batching ingestion events to keep inference latency tight and costs predictable.

Cloud Native Hardening

$200

ShieldCraft applies hardened baselines and Well-Architected controls through reusable infrastructure modules.

Data Quality

ShieldCraft’s Proton add-on seeds Glue Data Quality monitors and scorecards across high-value tables to keep pipelines trustworthy.

Deployment playbooks

No shared tenancyYou keep the encryption keysRunbook-driven cutovers

Landing zone native

Deploy to Your AWS

Seamlessly integrate ShieldCraft into existing AWS accounts while data stays inside your boundary. We layer onto your tagging model, guardrails, and security controls for a non-disruptive rollout.

Multi-account, multi-region ready
Proton blueprints coordinate dev/staging/prod accounts in parallel with cross-region replication and audit-ready logging.
Least-privilege & encrypted-by-default
IAM boundaries, KMS policies, and automated drift detection keep the control plane secure without slowing shipping velocity.
Control Tower & Organizations aligned
Supports account factories, SCPs, and shared logging buckets so you inherit your existing landing zone baselines.

Control TowerOOrganizationsIAMEventBridge

Launch window: 2–4 weeks including security and tagging workshops.

Disconnected ready

On-Premises / Air-Gapped

Bring ShieldCraft to where your data resides. Deploy on Kubernetes or VMware with S3-compatible storage and Kafka/OpenSearch equivalents, backed by hardened images and offline updates.

Kubernetes or VMware footprint
Validated Helm charts and OVA bundles fit into regulated DMZ or factory zones with limited egress.
S3-compatible & Kafka integrations
Adapters sync with MinIO, Ceph, or Confluent so pipelines run without rewriting ingestion flows.
Offline update pipeline
Signed update bundles, artifact mirrors, and hardware key support keep air-gapped estates current.

S3MSKOpenSearch ServiceLambda

Delivery kit includes hardened container registry exports and detached CI/CD playbooks.