$ pentest --target=cloud
AWS, Azure, GCP pen test. Shared-responsibility-model means the cloud-provider control plane is mostly out of scope; everything you build on top is in scope.
A focused cloud pen test runs $6,000 to $25,000 per account and provider in 2026 from mid-market vendors. Multi-account or multi-region engagements scale roughly linearly with some discount. Container and Kubernetes scope adds $4,000 to $12,000 typically. The cloud-provider control plane (e.g. AWS console) is out of scope under all three providers' shared-responsibility models.
Last verified June 2026
$ drivers --price
- Account / project count
Per provider, per account or project. Discount scales sub-linearly.
- Service breadth
Compute, storage, identity, networking, serverless, containers. Each adds scope hours.
- Configuration review vs simulated attack
Config-review is cheaper but lighter. Simulated-attack engagements cost more and surface chained risk.
- Container and Kubernetes
Common add-on. Cluster count and namespace count drive the band.
- Provider authorisation
AWS, Azure, GCP each have specific testing-authorisation policies. Some vendors absorb the admin.