Virtual Private Cloud pricing policy
To calculate the cost of using the service, see the prices in this section.
Note
Currency of Service rates (prices) depends on the company you made a contract with:
- Prices in US dollars are applicable to customers of Iron Hive doo Beograd (Serbia) or Direct Cursus Technology L.L.C. (Dubai).
- Prices in Russian roubles are applicable to customers of Yandex.Cloud LLC.
What goes into the cost of using VPC
In VPC, you pay for the hourly use of public IP addresses.
You get the following at no charge each month:
- First 100 GB of outgoing traffic.
- First 100 GB of outgoing traffic via the NAT gateway.
After you've used up your free service amounts, you will be charged at the applicable rate. The unused balance of free services is reset at the end of the month.
After deleting or stopping resources, you will continue to pay for the reserved public IP addresses. If you no longer need the IP addresses, delete them.
Prices for the Russia region
Warning
Prices for Yandex Cloud resources vary from region to region. For more information about the available regions, see Regions.
The currency that can be used to pay for resources depends on which legal entity the user has entered into agreement with. For more information about account registration, see Registering an account in Yandex Cloud.
VPC
Public IP addresses
A public IP address can be in one of the following two states:
- Active: When a dynamic or static public IP address is linked to a running cloud resource.
- Inactive: When a static public IP address is not linked to a cloud resource or is linked to a stopped resource.
All prices are net of VAT.
| Service | Cost per hour |
|---|---|
| Public IP address | $0.001920 |
| Reserving an inactive public static IP address | $0.002480 |
The cost of an inactive public static address is calculated by adding the cost of a public IP address to the cost of reserving an inactive public static IP address.
For example, the cost of an inactive public static address will be:
$0.001920 + $0.002480 = $0.004400
Total: $0.004400 per hour.
Where:
- $0.001920: Cost of using a public IP address per hour.
- $0.002480: Cost of reserving an inactive public static IP address per hour.
NAT gateways
You will be charged per hour of NAT gateway usage and for outgoing traffic via the gateway. Charges will apply as soon as you add a gateway to a route table.
| Resource category | Cost of 1 hour of usage per gateway (without VAT) |
|---|---|
| NAT gateway | $0.002880 |
Outgoing traffic via NAT gateways
Outgoing traffic via a NAT gateway exceeding 100 GB per month is billable.
Please note that traffic transmitted via a NAT gateway is charged separately from other outgoing traffic but according to the same pricing policy.
For example:
If you transmit 110 GB of outgoing traffic via a NAT gateway and 5 GB of outgoing traffic using other ways per month, you pay for 10 GB of the outgoing traffic sent via the NAT gateway.
If you transmit 110 GB of outgoing traffic via a NAT gateway and 105 GB of outgoing traffic using other ways per month, you pay for 10 GB of the outgoing traffic sent via the NAT gateway and 5 GB of the other outgoing traffic.
The first 100 GB of outgoing traffic via NAT gateway are provided free of charge every month.
The minimum billing unit is 1 MB.
| Resource category | Cost of 1 GB |
|---|---|
| Outgoing traffic via NAT gateway, first 10 GB per month | Free |
| Outgoing traffic via NAT gateway, over 10 GB per month | $0.012240 |
Using security groups
Security groups can be used free of charge.
Egress traffic
Note
You are charged for outgoing traffic from public IPs, including when public IPs are used for internal Yandex Cloud traffic, except for accessing Yandex Object Storage, Yandex Cloud Backup, and Yandex Cloud CDN. To avoid paying for outgoing traffic within your cloud, use internal IPs.
When using the service, you pay for traffic from Yandex Cloud to the internet. Traffic between internal IP addresses of Yandex Cloud services and incoming internet traffic is free.
The first 100 GB of outgoing traffic are provided free of charge every month.
The minimum billing unit is 1 MB.
| Resource category | Cost of 1 GB |
|---|---|
| Outgoing traffic, 100 GB or less per month | Free |
| Outgoing traffic, over 100 GB per month | $0.012240 |
Yandex DDoS Protection
All prices below do not include VAT.
| Service | Rate for 1 GB of traffic after filtering |
|---|---|
| Filtering incoming traffic to a public IP address with DDoS protection | $0.019440 |
Filtered traffic is incoming traffic that the DDoS Protection filtering system passes to the user's cloud resources. Only filtered traffic is charged.
For example, let's assume a user's VM was hit by a typical 10 Gbps DDoS attack generating 75 GB of incoming traffic. During the attack, the user downloaded to the VM 2 GB of relevant files from the internet. When the attack ended, the user downloaded another 2 GB of relevant files.
In which case the user will be charged only for the 4 GB of relevant traffic: the 2 GB that DDoS Protection had allowed to reach the cloud resources during the attack and the 2 GB downloaded when no attack was ongoing. Malicious traffic will be filtered at no charge to the user.
Advanced Yandex DDoS Protection
The Advanced Yandex DDoS Protection service is activated upon request through the form.
Important
Please note that the subscription fee for the Advanced Yandex DDoS Protection and Managed Web Application Firewall services is charged for the whole month and is not in proportion to the number of days. For example, if you activate or deactivate the services mid-month you will still be charged the full subscription fee.
Usage beyond the subscription fee is billed in the next reporting month. For example, services consumed in July will be included into the August bill.
The prevailing traffic bandwidth for the billing period is calculated as a one-minute average of the highest traffic between the site's incoming and outgoing traffic filtered by the network. At the end of the billing period, 90 recorded maximum traffic values are discarded, and the maximum remaining value is rounded down to the nearest whole number of Mbps. The resulting number represents the prevailing traffic bandwidth for the purpose of calculating the traffic fee.
The excess is calculated by multiplying 1 Mbps of traffic by the prevailing traffic bandwidth.
All prices below do not include VAT.
| Service plan | Professional (Pro) |
Business (Bsns) |
Corporate (Corp) |
Enterprise (ENT) |
|---|---|---|---|---|
| Subscription fee, monthly Subscription fee includes:
|
$184 | $624 | $1280 | Calculated separately |
| Includes bandwidth to filter out malicious (unwanted) traffic, up to | 10 Gbps | 50 Gbps | 500 Gbps | No limit |
| Guaranteed uptime of IT resources/websites per month (SLA) | At least 97% | At least 99% | At least 99.5% | Over 99.5% |
| Billable traffic | Legitimate | Legitimate | Legitimate | Legitimate |
| Charges for bandwidth beyond what is included in the subscription fee, per Mbps | $6.4 | $6.4 | $6.4 | Calculated separately |
| IP addresses (in addition to the IP included in subscription), monthly | $56 | $128 | $200 | Calculated separately |
Service plan parameters:
| Service plan | Professional (Pro) |
Business (Bsns) |
Corporate (Corp) |
Enterprise (ENT) |
|---|---|---|---|---|
| Included volumes to filter out malicious (unwanted) traffic, up to | 10 Gbps | 50 Gbps | 500 Gbps | No limit |
| Guaranteed uptime of IT resources/websites per month (SLA) | At least 97% | At least 99% | At least 99.5% | Over 99.5% |
| Billable traffic | Legitimate | Legitimate | Legitimate | Legitimate |
| HTTPS traffic filtering using customer's private keys | ||||
| Let's Encrypt® certificate | ||||
| Active availability testing of customer's platform | ||||
| HTTPS filtering without private keys | ||||
| API access |
With the Advanced Yandex DDoS Protection service plan, you can additionally activate the following services:
All prices below do not include VAT.
| Service | Professional (Pro) |
Business (Bsns) |
Corporate (Corp) |
Enterprise (ENT) |
|---|---|---|---|---|
| Subscription fee includes bandwidth for legitimate traffic | 10 Mbps | 10 Mbps | 10 Mbps | Calculated separately |
| HTTPS filtering using customer's private keys | ||||
| Let's Encrypt® certificate | ||||
| Active availability testing of customer's platform | ||||
| HTTPS filtering without private keys | ||||
| API access | ||||
| Basic load balancing of filtered traffic between IPs (maximum of two upstreams using the round-robin algorithm) | ||||
| Load balancing of filtered traffic between QLB (Qrator Load Balancing) customer IPs, monthly | $280 | $280 | ||
| WebSockets security (TCP connection proxy), monthly | $120 | |||
| Traffic filtering by geographic area, monthly | $240 |
Managed Web Application Firewall
All prices below do not include VAT.
| WAF service plan | Elementary WAF | Advisory WAF |
|---|---|---|
| Subscription fee, monthly | $240 | $608 |
| Traffic included in the subscription fee | 3 Mbps | 3 Mbps |
| Charges for bandwidth beyond what is included in the subscription fee, per Mbps | $1.6 | $1.6 |
| Included number of protected domains/web apps | 1 | 1 |
| Protection for additional domain/web app, monthly | $30 | $39 |
The Managed Web Application Firewall plan includes the following services:
| Service | Elementary WAF | Advisory WAF |
|---|---|---|
| Blocking individual malicious requests and responses | ||
| Available attack detection methods | ||
| Detecting attacks in requests and responses at the HTTP protocol property level | ||
| Detecting signs of attacks in data embedded in requests | ||
| Detecting signs of attacks in data embedded in responses | ||
| Detecting brute-force attacks (activated on request, same settings for the entire application) | ||
| Detecting brute-force attacks in individual logical actions (activated on request, configured as part of an additional service to detect and block network exploits) | ||
| Detecting signs of attacks in individual logical actions in an application (activated on request, configured as part of an additional service to detect and block network attacks) | ||
| Detecting attacks in individual user sessions and authorization monitoring for resources with low and medium loads (activated on request, configured as part of an additional service to detect and block network attacks) | ||
| Detecting bot activity (activated on request, configured as part of an additional service to detect and block network attacks) | ||
| Data storage | ||
| Security events | ||
| Malicious requests and responses | ||
| Legitimate requests and responses within purchased storage | ||
| Important logical actions (limited to purchased storage, activated on request, configured as part of an additional service to detect and block network attacks) | ||
| SolidWall WAF management interface functions | ||
| Monitoring dashboards | ||
| Display of security events with grouping support | ||
| Display of blocked transaction log | ||
| Ability to enable/disable protection and suppress false activations | ||
| SolidWall WAF integration with external systems using SYSLOG or REST API mechanisms (activated on request) | ||
| Automated reporting | ||
| Regular automated reports (configured on request) | ||
| Custom automated reports (provided on request) | ||
| Customer consultation on the use of WAF services | ||
| Basic customer account functionality | ||
| Clarifications about blocked requests | ||
| Integration with external systems using SYSLOG or REST API mechanisms | ||
| Basic technical support provided following new customer activation | ||
| Protocol configuration | ||
| Suppression of false activations | ||
| Filtering of static resources | ||
| Universal configuration of brute-force attack prevention module (on request) | ||
| Automated logical action mapping (to suppress false activations) | ||
| Universal configuration of session monitoring and authorization attack monitoring module (on request provided allowable load not exceeded) | ||
| Basic technical support provided during SolidWall WAF operation | ||
| SolidWall WAF maintenance and error resolution on customer infrastructure | ||
| SolidWall WAF version updates on customer infrastructure | ||
| Customers access to SolidWall WAF control interface for self-service SolidWall WAF configuration and performance monitoring | ||
| Ability to integrate SolidWall WAF with external IT systems for self-service SolidWall WAF configuration and performance monitoring | ||
| Customer consultation on SolidWall WAF administration |