AmazonGuardDuty
guardduty
PaidEventsAnalyzed
Amazon GuardDuty has foundational threat monitoring pricing that it prices based upon the number of events analyzed in AWS CloudTrail. This billing code represents the costs associated with the number of events analyzed which is priced per one million events per month.
- USE1-PaidEventsAnalyzed
- EU-PaidEventsAnalyzed
- EUW3-PaidEventsAnalyzed
- USW2-PaidEventsAnalyzed
- APS2-PaidEventsAnalyzed
- APN3-PaidEventsAnalyzed
- APS3-PaidEventsAnalyzed
- EUW2-PaidEventsAnalyzed
- USW1-PaidEventsAnalyzed
- APN2-PaidEventsAnalyzed
- APS1-PaidEventsAnalyzed
- SAE1-PaidEventsAnalyzed
- EUC1-PaidEventsAnalyzed
- CAN1-PaidEventsAnalyzed
- USE2-PaidEventsAnalyzed
- APN1-PaidEventsAnalyzed
- EUN1-PaidEventsAnalyzed
- EUS1-PaidEventsAnalyzed
- APS6-PaidEventsAnalyzed
- UGE1-PaidEventsAnalyzed
- UGW1-PaidEventsAnalyzed
- AFS1-PaidEventsAnalyzed
- APE1-PaidEventsAnalyzed
- MES1-PaidEventsAnalyzed
- CAN2-PaidEventsAnalyzed
- APS4-PaidEventsAnalyzed
- EUS2-PaidEventsAnalyzed
- APS5-PaidEventsAnalyzed
- MEC1-PaidEventsAnalyzed
- EUC2-PaidEventsAnalyzed
- CNN1-PaidEventsAnalyzed
- CNW1-PaidEventsAnalyzed
PaidEventsAnalyzed-Bytes
Amazon GuardDuty has foundational threat monitoring pricing that it prices based upon the Bytes analyzed from VPC flow logs. This billing code represents the costs associated with the ingestion and analysis of this data and is priced per GB per month with a tier pricing model. List pricing starts for the first 500GB / month analyzed. The tiers are 0-500GB, 500GB - 2500GB, 2500GB - 10,000 GB and over 10,000 GB per month.
- USE1-PaidEventsAnalyzed-Bytes
- APS3-PaidEventsAnalyzed-Bytes
- EU-PaidEventsAnalyzed-Bytes
- USW2-PaidEventsAnalyzed-Bytes
- EUW2-PaidEventsAnalyzed-Bytes
- APS2-PaidEventsAnalyzed-Bytes
- APN1-PaidEventsAnalyzed-Bytes
- EUC1-PaidEventsAnalyzed-Bytes
- APS1-PaidEventsAnalyzed-Bytes
- USE2-PaidEventsAnalyzed-Bytes
- APN3-PaidEventsAnalyzed-Bytes
- UGW1-PaidEventsAnalyzed-Bytes
- USW1-PaidEventsAnalyzed-Bytes
- CAN1-PaidEventsAnalyzed-Bytes
- SAE1-PaidEventsAnalyzed-Bytes
- EUN1-PaidEventsAnalyzed-Bytes
- APN2-PaidEventsAnalyzed-Bytes
- UGE1-PaidEventsAnalyzed-Bytes
- EUW3-PaidEventsAnalyzed-Bytes
- APE1-PaidEventsAnalyzed-Bytes
- CAN2-PaidEventsAnalyzed-Bytes
- AFS1-PaidEventsAnalyzed-Bytes
- MES1-PaidEventsAnalyzed-Bytes
- EUS1-PaidEventsAnalyzed-Bytes
- APS5-PaidEventsAnalyzed-Bytes
- APS6-PaidEventsAnalyzed-Bytes
- APS4-PaidEventsAnalyzed-Bytes
- CNN1-PaidEventsAnalyzed-Bytes
PaidS3DataEventsAnalyzed
Amazon GuardDuty monitors threats against your S3 resources by analyzing CloudTrail management events and CloudTrail S3 data events. When the GuardDuty S3 Protection feature is turned on, GuardDuty continuously analyzes authenticated CloudTrail S3 data events, monitoring access and activity in your S3 buckets. CloudTrail S3 data event analysis is charged per 1 million events per month, is prorated, and is discounted with volume.
- APS3-PaidS3DataEventsAnalyzed
- USE1-PaidS3DataEventsAnalyzed
- EU-PaidS3DataEventsAnalyzed
- USW2-PaidS3DataEventsAnalyzed
- USW1-PaidS3DataEventsAnalyzed
- USE2-PaidS3DataEventsAnalyzed
- APS2-PaidS3DataEventsAnalyzed
- APN1-PaidS3DataEventsAnalyzed
- EUC1-PaidS3DataEventsAnalyzed
- APS1-PaidS3DataEventsAnalyzed
- APS6-PaidS3DataEventsAnalyzed
- UGW1-PaidS3DataEventsAnalyzed
- UGE1-PaidS3DataEventsAnalyzed
- EUW2-PaidS3DataEventsAnalyzed
- CAN1-PaidS3DataEventsAnalyzed
- SAE1-PaidS3DataEventsAnalyzed
- EUW3-PaidS3DataEventsAnalyzed
- APN2-PaidS3DataEventsAnalyzed
- EUN1-PaidS3DataEventsAnalyzed
- APN3-PaidS3DataEventsAnalyzed
- AFS1-PaidS3DataEventsAnalyzed
- APE1-PaidS3DataEventsAnalyzed
- EUS1-PaidS3DataEventsAnalyzed
- MES1-PaidS3DataEventsAnalyzed
- EUS2-PaidS3DataEventsAnalyzed
- EUC2-PaidS3DataEventsAnalyzed
- APS5-PaidS3DataEventsAnalyzed
- MEC1-PaidS3DataEventsAnalyzed
- APS4-PaidS3DataEventsAnalyzed
- CNN1-PaidS3DataEventsAnalyzed
PaidKubernetesAuditLogsAnalyzed
This is the charge associated with Amazon GuardDuty's audit logging for Kubernetes. When EKS Audit Log Monitoring is activated, GuardDuty continuously analyzes EKS audit logs and optimizes costs by processing only events that are used for security analysis. EKS audit log analysis is charged per 1 million audit logs per month, is prorated, and is discounted with volume. Please note that this is a separate and distinct billing code than GuardDuty for Runtime Monitoring of EC2 nodes within an EKS cluster.
- USE1-PaidKubernetesAuditLogsAnalyzed
- USW2-PaidKubernetesAuditLogsAnalyzed
- EUC1-PaidKubernetesAuditLogsAnalyzed
- APS2-PaidKubernetesAuditLogsAnalyzed
- USE2-PaidKubernetesAuditLogsAnalyzed
- EU-PaidKubernetesAuditLogsAnalyzed
- APN1-PaidKubernetesAuditLogsAnalyzed
- CAN1-PaidKubernetesAuditLogsAnalyzed
- SAE1-PaidKubernetesAuditLogsAnalyzed
- EUW2-PaidKubernetesAuditLogsAnalyzed
- USW1-PaidKubernetesAuditLogsAnalyzed
- APN2-PaidKubernetesAuditLogsAnalyzed
- APS1-PaidKubernetesAuditLogsAnalyzed
- EUN1-PaidKubernetesAuditLogsAnalyzed
- UGE1-PaidKubernetesAuditLogsAnalyzed
- APS3-PaidKubernetesAuditLogsAnalyzed
- EUW3-PaidKubernetesAuditLogsAnalyzed
- APE1-PaidKubernetesAuditLogsAnalyzed
- APN3-PaidKubernetesAuditLogsAnalyzed
- AFS1-PaidKubernetesAuditLogsAnalyzed
- CNN1-PaidKubernetesAuditLogsAnalyzed
- UGW1-PaidKubernetesAuditLogsAnalyzed
- EUS1-PaidKubernetesAuditLogsAnalyzed
PaidLambdaNetworkLogsAnalyzed-Bytes
Amazon GuardDuty for Lambda offers protection for continuously monitoring network activity of logs generated from the execution of AWS Lambda functions to detect threats to Lambda, such as functions maliciously repurposed for unauthorized cryptocurrency mining, or compromised Lambda functions that are communicating with known threat actor servers. AWS charges for the amount of network activity scanned and has a tiered pricing model.
- USW2-PaidLambdaNetworkLogsAnalyzed-Bytes
- USE1-PaidLambdaNetworkLogsAnalyzed-Bytes
- APS2-PaidLambdaNetworkLogsAnalyzed-Bytes
- APN1-PaidLambdaNetworkLogsAnalyzed-Bytes
- EUC1-PaidLambdaNetworkLogsAnalyzed-Bytes
- USW1-PaidLambdaNetworkLogsAnalyzed-Bytes
- APS1-PaidLambdaNetworkLogsAnalyzed-Bytes
- USE2-PaidLambdaNetworkLogsAnalyzed-Bytes
- EU-PaidLambdaNetworkLogsAnalyzed-Bytes
- EUW2-PaidLambdaNetworkLogsAnalyzed-Bytes
- UGW1-PaidLambdaNetworkLogsAnalyzed-Bytes
- APN2-PaidLambdaNetworkLogsAnalyzed-Bytes
- APS3-PaidLambdaNetworkLogsAnalyzed-Bytes
- SAE1-PaidLambdaNetworkLogsAnalyzed-Bytes
- APN3-PaidLambdaNetworkLogsAnalyzed-Bytes
- EUW3-PaidLambdaNetworkLogsAnalyzed-Bytes
- EUN1-PaidLambdaNetworkLogsAnalyzed-Bytes
- CAN1-PaidLambdaNetworkLogsAnalyzed-Bytes
- UGE1-PaidLambdaNetworkLogsAnalyzed-Bytes
- CNN1-PaidLambdaNetworkLogsAnalyzed-Bytes
- CNW1-PaidLambdaNetworkLogsAnalyzed-Bytes
FreeEventsAnalyzed
Amazon GuardDuty has foundational threat monitoring that analyzes events from AWS CloudTrail. The first 30 days of usage is free and this billing code represents the corresponding free tier usage. Once you roll off of the first 30 days of usage, you will be charged per millions events monitored per month.
- EUC1-FreeEventsAnalyzed
- USE1-FreeEventsAnalyzed
- USW2-FreeEventsAnalyzed
- APS1-FreeEventsAnalyzed
- USW1-FreeEventsAnalyzed
- EU-FreeEventsAnalyzed
- USE2-FreeEventsAnalyzed
- EUW2-FreeEventsAnalyzed
- CAN1-FreeEventsAnalyzed
- APS3-FreeEventsAnalyzed
- APN2-FreeEventsAnalyzed
- EUN1-FreeEventsAnalyzed
- EUW3-FreeEventsAnalyzed
- APS2-FreeEventsAnalyzed
- APN3-FreeEventsAnalyzed
- SAE1-FreeEventsAnalyzed
- APN1-FreeEventsAnalyzed
- UGW1-FreeEventsAnalyzed
- APS5-FreeEventsAnalyzed
- CNN1-FreeEventsAnalyzed
- CNW1-FreeEventsAnalyzed
- EUS1-FreeEventsAnalyzed
- AFS1-FreeEventsAnalyzed
PaidRDSvCPUMonitored
GuardDuty RDS protection will profile login activity for RDS instances for potential threats. Oddly, Amazon charges for RDS GuardDuty on a per vCPU per month fee. This specific billing code is the per vCPU charge for GuardDuty RDS protection. Please note that as you scale up the size of your RDS database with more vCPUs, you will incur more correponding costs from Guard Duty.
- USE1-PaidRDSvCPUMonitored
- USW2-PaidRDSvCPUMonitored
- USW1-PaidRDSvCPUMonitored
- USE2-PaidRDSvCPUMonitored
- APS2-PaidRDSvCPUMonitored
- EUC1-PaidRDSvCPUMonitored
- APN1-PaidRDSvCPUMonitored
- CAN1-PaidRDSvCPUMonitored
- EUW2-PaidRDSvCPUMonitored
- APS1-PaidRDSvCPUMonitored
- EU-PaidRDSvCPUMonitored
- EUN1-PaidRDSvCPUMonitored
- AFS1-PaidRDSvCPUMonitored
- APS3-PaidRDSvCPUMonitored
- APN2-PaidRDSvCPUMonitored
PaidFargatevCPUMonitored
Amazon GuardDuty offers Runtime Monitoring for Fargate. When GuardDuty Runtime Monitoring is activated for a workload, GuardDuty begins collecting and analyzing runtime events for suspicious or potentially malicious activity. GuardDuty Runtime Monitoring pricing is based on the number and size of protected workloads, measured in vCPUs. Fargate Runtime Monitoring also has a tiered pricing model based upon the total number of vCPUs monitored. There is a rate for the first 500 vCPUs monitored, the next 4,500 vCPUs monitored and finally a rate beyond 5,000 vCPUs monitored.
FreeEC2vCPUMonitored
Amazon GuardDuty offers Runtime Monitoring for EC2 that has an associated free trial. This billing code represents the free trial period which exists for the first 30 days of usage in an acocunt. Once you roll off of the free trial, you'll have to pay a rate per vCPU monitored per month.
PaidEKSvCPUMonitored
Amazon GuardDuty offers Runtime Monitoring for EKS. When GuardDuty Runtime Monitoring is activated for a workload, GuardDuty begins collecting and analyzing runtime events for suspicious or potentially malicious activity. GuardDuty Runtime Monitoring pricing is based on the number and size of protected workloads, measured in vCPUs. EKS Runtime Monitoring also has a tiered pricing model based upon the total number of vCPUs monitored. There is a rate for the first 500 vCPUs monitored, the next 4,500 vCPUs monitored and finally a rate beyond 5,000 vCPUs monitored.
PaidRDSACUMonitored
GuardDuty RDS protection will profile login activity for RDS instances for potential threats. Oddly, Amazon charges for RDS GuardDuty on a per ACU (which stands for Aurora Serverless Compute Unit) per month fee. This specific billing code is the per ACU charge for GuardDuty RDS protection for Aurora Serverless on RDS. Please note that as you scale up the size of your Aurora cluster with more ACUs, you will incur more correponding costs from Guard Duty.
- USW2-PaidRDSACUMonitored
- USE1-PaidRDSACUMonitored
- EUW2-PaidRDSACUMonitored
- APS2-PaidRDSACUMonitored
- APN1-PaidRDSACUMonitored
- USE2-PaidRDSACUMonitored
- EUC1-PaidRDSACUMonitored
- EU-PaidRDSACUMonitored
- APS1-PaidRDSACUMonitored
- CAN1-PaidRDSACUMonitored
- USW1-PaidRDSACUMonitored
- APN2-PaidRDSACUMonitored
- APS3-PaidRDSACUMonitored
- EUN1-PaidRDSACUMonitored
FreeS3DataEventsAnalyzed
Amazon GuardDuty can monitor network events against your S3 buckets and has an associated 30 day free trial. This billing code represents the usage of that 30 day free trial and once you roll off of the 30 day period, you'll begin to be charged a rate per million events which will appear as a separate, distinct billing code.
- USW2-FreeS3DataEventsAnalyzed
- APN1-FreeS3DataEventsAnalyzed
- USE1-FreeS3DataEventsAnalyzed
- EUC1-FreeS3DataEventsAnalyzed
- SAE1-FreeS3DataEventsAnalyzed
- APS1-FreeS3DataEventsAnalyzed
- USW1-FreeS3DataEventsAnalyzed
- APS3-FreeS3DataEventsAnalyzed
- UGW1-FreeS3DataEventsAnalyzed
- APN2-FreeS3DataEventsAnalyzed
- USE2-FreeS3DataEventsAnalyzed
- APN3-FreeS3DataEventsAnalyzed
- EU-FreeS3DataEventsAnalyzed
- EUW2-FreeS3DataEventsAnalyzed
- EUW3-FreeS3DataEventsAnalyzed
- CAN1-FreeS3DataEventsAnalyzed
- EUN1-FreeS3DataEventsAnalyzed
- APS2-FreeS3DataEventsAnalyzed
- CNN1-FreeS3DataEventsAnalyzed
FreeRDSvCPUMonitored
This is the free tier billing code for Amazon's Guard Duty product for RDS. AWS offers a 30 day trial for AWS Guard Duty for RDS. Once you roll off of 30 days of free trial usage, you will begin to incur a charge per vCPU on your monitored RDS instances.
FreeLambdaNetworkLogsAnalyzed-Bytes
Amazon GuardDuty offers protection for monitoring network activity associated with Lambda functions. This billing code represents the 30 day free trial. Once your 30 days are up, you'll be charged for the associated amount of network activity scanned by Amazon GuardDuty to monitored Lambda functions.
- USE1-FreeLambdaNetworkLogsAnalyzed-Bytes
- USW2-FreeLambdaNetworkLogsAnalyzed-Bytes
- APN1-FreeLambdaNetworkLogsAnalyzed-Bytes
- APS3-FreeLambdaNetworkLogsAnalyzed-Bytes
- APN2-FreeLambdaNetworkLogsAnalyzed-Bytes
- EUC1-FreeLambdaNetworkLogsAnalyzed-Bytes
- USE2-FreeLambdaNetworkLogsAnalyzed-Bytes
- APS1-FreeLambdaNetworkLogsAnalyzed-Bytes
- EUN1-FreeLambdaNetworkLogsAnalyzed-Bytes
- EU-FreeLambdaNetworkLogsAnalyzed-Bytes
- APS2-FreeLambdaNetworkLogsAnalyzed-Bytes
- USW1-FreeLambdaNetworkLogsAnalyzed-Bytes
PaidEC2vCPUMonitored
Amazon GuardDuty offers Runtime Monitoring for EC2. When GuardDuty Runtime Monitoring is activated for a workload, GuardDuty begins collecting and analyzing runtime events for suspicious or potentially malicious activity. GuardDuty Runtime Monitoring pricing is based on the number and size of protected workloads, measured in vCPUs. EC2 Runtime Monitoring also has a tiered pricing model based upon the total number of vCPUs monitored. There is a rate for the first 500 vCPUs monitored, the next 4,500 vCPUs monitored and finally a rate beyond 5,000 vCPUs monitored.
MalwareProtectionS3ScanRequest
GuardDuty offers fully managed malware scanning for newly uploaded objects in your selected Amazon S3 buckets. S3 object scanning costs are based on the GB volume of the objects scanned and number of objects evaluated per month. Amazon S3 APIs are required for Malware Protection for S3 and are priced separately. This billing code represents the fee assciated with the number of objects evaluted per month which has a rate per 1,000 objects scanned.
- USW2-MalwareProtectionS3ScanRequest
- USE1-MalwareProtectionS3ScanRequest
- CAN1-MalwareProtectionS3ScanRequest
- APS2-MalwareProtectionS3ScanRequest
- USE2-MalwareProtectionS3ScanRequest
- APN1-MalwareProtectionS3ScanRequest
- EUW2-MalwareProtectionS3ScanRequest
- EUC1-MalwareProtectionS3ScanRequest
- EUW3-MalwareProtectionS3ScanRequest
MalwareProtectionS3DataScanned
GuardDuty offers fully managed malware scanning for newly uploaded objects in your selected Amazon S3 buckets. S3 object scanning costs are based on the GB volume of the objects scanned and number of objects evaluated per month. Amazon S3 APIs are required for Malware Protection for S3 and are priced separately. This billing code represents the fee assciated with the network transit which is priced per GB / month.
- USW2-MalwareProtectionS3DataScanned
- USE1-MalwareProtectionS3DataScanned
- CAN1-MalwareProtectionS3DataScanned
- APS2-MalwareProtectionS3DataScanned
- USE2-MalwareProtectionS3DataScanned
- APN1-MalwareProtectionS3DataScanned
- EUW2-MalwareProtectionS3DataScanned
- EUC1-MalwareProtectionS3DataScanned
- EUW3-MalwareProtectionS3DataScanned
PaidMalwareProtectionEBSDataScanned
Amazon GuardDuty offers malware protection as a paid service for EBS Volumes. When enabled, Amazon will create a replica of your EBS volume which is scanned for possible malware. The charge for GuardDuty Malware Protection is based on the total and prorated GB volume of Amazon EBS data scanned each month. Note that in order to have this feature enabled, it's required that you use EBS snapshots which incur additional, separate charges beyond this distinct billing code. This feature is billed per GB per month.
- USW2-PaidMalwareProtectionEBSDataScanned
- USE1-PaidMalwareProtectionEBSDataScanned
- APS2-PaidMalwareProtectionEBSDataScanned
- EU-PaidMalwareProtectionEBSDataScanned
- USE2-PaidMalwareProtectionEBSDataScanned
- EUC1-PaidMalwareProtectionEBSDataScanned
- APS1-PaidMalwareProtectionEBSDataScanned
- APS3-PaidMalwareProtectionEBSDataScanned
- APS4-PaidMalwareProtectionEBSDataScanned
- APN2-PaidMalwareProtectionEBSDataScanned
- EUW2-PaidMalwareProtectionEBSDataScanned
- CAN1-PaidMalwareProtectionEBSDataScanned
FreeEventsAnalyzed-Bytes
Amazon GuardDuty has foundational threat monitoring that analyzes network traffic from VPC Flow Logs. The first 30 days of usage is free and this billing code represents the corresponding free tier usage. Once you roll off of the first 30 days of usage, you will be charged per GB per month.
- USW2-FreeEventsAnalyzed-Bytes
- APN1-FreeEventsAnalyzed-Bytes
- USW1-FreeEventsAnalyzed-Bytes
- EUC1-FreeEventsAnalyzed-Bytes
- APS1-FreeEventsAnalyzed-Bytes
- SAE1-FreeEventsAnalyzed-Bytes
- USE1-FreeEventsAnalyzed-Bytes
- EU-FreeEventsAnalyzed-Bytes
- UGW1-FreeEventsAnalyzed-Bytes
- USE2-FreeEventsAnalyzed-Bytes
- APN2-FreeEventsAnalyzed-Bytes
- APS5-FreeEventsAnalyzed-Bytes
- APS3-FreeEventsAnalyzed-Bytes
- APN3-FreeEventsAnalyzed-Bytes
- APS2-FreeEventsAnalyzed-Bytes
- EUW3-FreeEventsAnalyzed-Bytes
- EUW2-FreeEventsAnalyzed-Bytes
- CAN1-FreeEventsAnalyzed-Bytes
FreeKubernetesAuditLogsAnalyzed
This is the free tier associated with Amazon GuardDuty's audit logging for Kubernetes that exists for a 30 day duration. Once your 30 days it up, you'll begin to be charged per million events per month which will appear as a separate billing code.
- APN1-FreeKubernetesAuditLogsAnalyzed
- EU-FreeKubernetesAuditLogsAnalyzed
- USW2-FreeKubernetesAuditLogsAnalyzed
- USE1-FreeKubernetesAuditLogsAnalyzed
- APN2-FreeKubernetesAuditLogsAnalyzed
- USE2-FreeKubernetesAuditLogsAnalyzed
- EUC1-FreeKubernetesAuditLogsAnalyzed
- EUW3-FreeKubernetesAuditLogsAnalyzed
- APS1-FreeKubernetesAuditLogsAnalyzed
- APS2-FreeKubernetesAuditLogsAnalyzed
- EUW2-FreeKubernetesAuditLogsAnalyzed
FreeEKSvCPUMonitored
Amazon GuardDuty offers Runtime Monitoring for EKS that has an associated free trial. This billing code represents the free trial period which exists for the first 30 days of usage in an acocunt. Once you roll off of the free trial, you'll have to pay a rate per vCPU monitored per month associated with the pods monitored.
FreeFargatevCPUMonitored
Amazon GuardDuty offers Runtime Monitoring for Fargate that has an associated free trial. This billing code represents the free trial period which exists for the first 30 days of usage in an acocunt. Once you roll off of the free trial, you'll have to pay a rate per vCPU monitored per month.
FreeRDSACUMonitored
This is the free tier billing code for Amazon's Guard Duty product for RDS Aurora Serverless. AWS offers a 30 day trial for AWS Guard Duty for Aurora Serverless. Once you roll off of 30 days of free trial usage, you will begin to incur a charge per ACU (Aurora Compute Unit) on your monitored RDS Aurora Clusters.
PaidOnDemandEBSVolumeDataScanned
Amazon GuardDuty offers malware protection as a paid service for EBS Volumes. When enabled, Amazon will create a replica of your EBS volume which is scanned for possible malware. The charge for GuardDuty Malware Protection is based on the total and prorated GB volume of Amazon EBS data scanned each month. Note that in order to have this feature enabled, it's required that you use EBS snapshots which incur additional, separate charges beyond this distinct billing code. This feature is billed per GB per month. Note that this particular billing code is the on-demand billing code for EBS volume protection which means it is likely being triggered manually by you or someone at your organization vs the automated GuardDuty service which would monitor on your behalf and show up as a distinct, separate billing code.
FreeMalwareProtectionEBSDataScanned
This is the free tier for Amazon's GuardDuty service which charges per GB per month of scanned data.