Simple, transparent pricing.

Start free with 2 scans/month. Upgrade to Pro for unlimited scanning and deep compliance checks.

Which plan is right for you?

1 account, occasional checks?

Free — $0 forever.

Regular scanning, full features?

Pro — $29/month.

Multiple accounts or team access?

Business — $99/month.

Data must stay in your AWS account?

Enterprise / BYOC — contact.

Free

Forever
$0

Equivalent to a manual cloud audit engagement (~$2,000 market rate)

1 AWS account · 2 scans/month · No credit card.

Included

  • 3 scans per month (Fast Scan — 21 native checks)
  • Cost Audit — 39 checkers, 5 waste vectors
  • AI Correlation Engine — basic insights
  • Dashboard + Savings Tracker
  • Email alerts (weekly digest)

Most popular

Pro

$29/month

or $290/year — save 2 months

1 AWS account · Unlimited scans · Deep Scan + AI Chat.

Everything in Free, plus:

  • Unlimited Fast Scans + Cost Audits
  • Deep Scan (Prowler 200+ controls) + business-risk interpretation via the Correlation Engine
  • 1-Click Remediation — fixes 13 common issues directly in your account (you approve each one)
  • AI Chat — ask anything about your AWS
  • ISO 27001 Readiness Assessment (PDF export)
  • CloudTrail Evidence Chain
  • GuardDuty correlation
  • Shareable executive report link
  • Full AI Correlation Engine
  • Scheduler & Cleanup automation (EC2, RDS, EBS, snapshots)
  • Priority email support

Business

$99/month

or $990/year — save 2 months

Up to 5 AWS accounts · Teams · Unlimited scans.

  • Everything in Pro
  • Up to 5 AWS accounts
  • 5 team members (Owner / Viewer roles)
  • Custom scan schedule
  • Priority support + onboarding call

Enterprise

BYOC
Contact

Data never leaves your AWS account. For banks, government, and regulated industries.

  • 6WAF deploys into your AWS account
  • Zero data egress — everything stays with you
  • Unlimited AWS accounts
  • Unlimited team members
  • ISO 27001 prep consulting included

Pricing based on scope. Typical engagement: $15K–$50K including platform + consulting.

Well-Architected Review consulting guarantee

If the full WAR doesn't uncover at least $15,000/year in savings or 3 CRITICAL risks in your infrastructure — 100% refund, no questions asked. Want to start smaller? 60-minute Expert Review — $299, fully credited toward the WAR.

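| Feature | Free | Pro | Business | Enterprise |
|---|---|---|---|---|
| Scans per month | 3 Fast Scans | Unlimited | Unlimited | Unlimited |
| Fast Scan (21 checks) | | | | |
| Cost Audit (39 checkers) | | | | |
| Scheduler & Cleanup | | | | |
| Deep Scan (200+ checks) | | | | |
| AI Chat investigation | | | | |
| ISO 27001 PDF report | | | | |
| AI Correlation Engine | Basic | Full | Full | Full |
| AWS accounts | 1 | 1 | Up to 5 | Unlimited |
| Team members | 1 | 1 | 5 | Unlimited |
| Data residency | 6WAF cloud | 6WAF cloud | 6WAF cloud | Your account |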

Questions

What's the difference between Fast Scan and Deep Scan?

Fast Scan runs 21 native AWS checks directly via boto3 — completes in 2–3 minutes and covers IAM, S3, CloudTrail, KMS, EC2. Deep Scan (Pro+) launches Prowler on AWS Fargate for 200+ controls across CIS Benchmark, PCI-DSS, SOC 2, and AWS FSBP. Takes 8–15 minutes and produces a compliance-mapped report.

How is 6WAF different from running Prowler myself (or Prowler Cloud)?

Prowler (and Prowler Cloud) returns a list of technical findings — it's excellent, and 6WAF uses that very engine for Deep Scan. The difference is the layer on top: 6WAF connects findings to cost movement (Cost-Security Correlation) to answer 'is this an incident and what's the damage', syncs results into AWS Well-Architected Tool in your own account, and when risk crosses the threshold — connects you with an AWS expert. You get business decisions, not just a findings list.

Why is the free tier limited to 3 scans/month?

Each scan consumes real AWS compute (Lambda + API calls). 3 free scans per month is enough to spot your biggest issues and see the value of the tool. If you're actively remediating and need to verify fixes, Pro gives you unlimited scans at $29/month — less than one avoided AWS support ticket.

What is BYOC and why would I need it?

BYOC (Bring Your Own Cloud) means 6WAF's entire backend — Lambda, DynamoDB, API — is deployed inside your own AWS account. No data ever reaches our servers. Required for banks, government agencies, healthcare, and any organization with strict data residency or regulatory requirements (MAS TRM, PDPA, Vietnamese cybersecurity law).

Is this a real ISO 27001 certificate?

No. 6WAF produces an ISO 27001 Technical Readiness Assessment — it maps your AWS findings to ISO 27001 Annex A controls and shows where the gaps are. The official certificate must be issued by an accredited Certification Body (BSI, TÜV, Bureau Veritas). We help you get there faster.

Why does 6WAF offer a free tier at all?

6WAF is a consulting-led business. The platform is our calling card — we give you a genuinely useful tool so you can see real problems in your AWS account. When you're ready for help fixing them (ISO 27001 certification, Well-Architected Review, remediation projects), that's when we work together.

Does 1-Click Remediation fix things automatically for me?

Not in the 'runs in the background, decides on its own' sense. For each of the 13 supported issue types, 6WAF shows you the exact AWS API call it will make, and you click 'Confirm & execute' per issue — 6WAF never acts while you're not looking. Only the 13 issue types that are unconditionally safe (toggle one setting, never delete a resource, zero downtime) get this button; everything else still needs you or an AWS expert to handle it manually.