Start free with 2 scans/month. Upgrade to Pro for unlimited scanning and deep compliance checks.
Which plan is right for you?
1 account, occasional checks? Free — $0 forever.
Regular scanning, full features? Pro — $29/month.
Multiple accounts or team access? Business — $99/month.
Data must stay in your AWS account? Enterprise / BYOC — contact.
Equivalent to a manual cloud audit engagement (~$2,000 market rate)
1 AWS account · 2 scans/month · No credit card.
Included
or $290/year — save 2 months
1 AWS account · Unlimited scans · Deep Scan + AI Chat.
Everything in Free, plus:
or $990/year — save 2 months
Up to 5 AWS accounts · Teams · Unlimited scans.
Data never leaves your AWS account. For banks, government, and regulated industries.
Pricing based on scope. Typical engagement: $15K–$50K including platform + consulting.
Well-Architected Review consulting guarantee
If the full WAR doesn't uncover at least $15,000/year in savings or 3 CRITICAL risks in your infrastructure — 100% refund, no questions asked. Want to start smaller? 60-minute Expert Review — $299, fully credited toward the WAR.
| Feature | Free | Pro | Business | Enterprise |
|---|---|---|---|---|
| Scans per month | 3 Fast Scans | Unlimited | Unlimited | Unlimited |
| Fast Scan (21 checks) | ✓ | ✓ | ✓ | ✓ |
| Cost Audit (39 checkers) | ✓ | ✓ | ✓ | ✓ |
| Scheduler & Cleanup | — | ✓ | ✓ | ✓ |
| Deep Scan (200+ checks) | — | ✓ | ✓ | ✓ |
| AI Chat investigation | — | ✓ | ✓ | ✓ |
| ISO 27001 PDF report | — | ✓ | ✓ | ✓ |
| AI Correlation Engine | Basic | Full | Full | Full |
| AWS accounts | 1 | 1 | Up to 5 | Unlimited |
| Team members | 1 | 1 | 5 | Unlimited |
| Data residency | 6WAF cloud | 6WAF cloud | 6WAF cloud | Your account |
What's the difference between Fast Scan and Deep Scan?
Fast Scan runs 21 native AWS checks directly via boto3, completes in 2–3 minutes, and covers IAM, S3, CloudTrail, KMS, and EC2. Deep Scan (Pro+) launches Prowler on AWS Fargate for 200+ controls across CIS Benchmark, PCI-DSS, SOC 2, and AWS FSBP. It takes 8–15 minutes and produces a compliance-mapped report.
How is 6WAF different from running Prowler myself (or Prowler Cloud)?
Prowler (and Prowler Cloud) returns a list of technical findings. It's excellent, and 6WAF uses that very engine for Deep Scan. The difference is the layer on top: 6WAF connects findings to cost movement (Cost-Security Correlation) to answer 'is this an incident and what's the damage', syncs results into AWS Well-Architected Tool in your own account, and, when risk crosses the threshold, connects you with an AWS expert. You get business decisions, not just a findings list.
Why is the free tier limited to 3 scans/month?
Each scan consumes real AWS compute (Lambda + API calls). 3 free scans per month is enough to spot your biggest issues and see the value of the tool. If you're actively remediating and need to verify fixes, Pro gives you unlimited scans at $29/month — less than one avoided AWS support ticket.
What is BYOC and why would I need it?
BYOC (Bring Your Own Cloud) means 6WAF's entire backend (Lambda, DynamoDB, API) is deployed inside your own AWS account. No data ever reaches our servers. It is required for banks, government agencies, healthcare, and any organization with strict data residency or regulatory requirements (MAS TRM, PDPA, Vietnamese cybersecurity law).
Is this a real ISO 27001 certificate?
No. 6WAF produces an ISO 27001 Technical Readiness Assessment — it maps your AWS findings to ISO 27001 Annex A controls and shows where the gaps are. The official certificate must be issued by an accredited Certification Body (BSI, TÜV, Bureau Veritas). We help you get there faster.
Why does 6WAF offer a free tier at all?
6WAF is a consulting-led business. The platform is our calling card — we give you a genuinely useful tool so you can see real problems in your AWS account. When you're ready for help fixing them (ISO 27001 certification, Well-Architected Review, remediation projects), that's when we work together.
Does 1-Click Remediation fix things automatically for me?
Not in the 'runs in the background, decides on its own' sense. For each of the 13 supported issue types, 6WAF shows you the exact AWS API call it will make, and you click 'Confirm & execute' per issue — 6WAF never acts while you're not looking. Only the 13 issue types that are unconditionally safe (toggle one setting, never delete a resource, zero downtime) get this button; everything else still needs you or an AWS expert to handle it manually.