|
| 1 | +--- |
| 2 | +title: "Cost Evaluation" |
| 3 | +description: "Cost-per-second comparison of Secure Exec on self-hosted hardware vs. sandbox providers" |
| 4 | +--- |
| 5 | + |
| 6 | +{/* Figures generated by scripts/calculate-costs.js — rerun when updating pricing */} |
| 7 | + |
| 8 | +## Methodology |
| 9 | + |
| 10 | +We compare the **cost per execution-second**: the cost of running one isolated execution for one second. |
| 11 | + |
| 12 | +- **Sandbox providers**: minimum allocatable memory × provider's per-GiB-second rate. We use the cheapest provider (Cloudflare Containers) as the baseline. |
| 13 | +- **Secure Exec**: EC2/Hetzner instance cost ÷ number of concurrent executions that fit in RAM, with 30% empty capacity overhead to account for bin-packing inefficiency. |
| 14 | + |
| 15 | +Secure Exec baseline memory per execution: **~3.4 MB** (converged at-scale average, p95). See [benchmarks](/docs/benchmarks) for measurement details. |
| 16 | + |
| 17 | +## Results |
| 18 | + |
| 19 | +All pricing as of March 2026. Almost all software runs on ARM today — we recommend comparing against ARM as a baseline. |
| 20 | + |
| 21 | +| Provider | Arch | $/exec-second | vs. Sandbox | |
| 22 | +| --------------------------------- | ------ | -------------- | ----------- | |
| 23 | +| Cloudflare Containers (baseline) | — | $6.25 × 10⁻⁷ | 1× | |
| 24 | +| **AWS t4g.micro (ARM/Graviton)** | arm64 | $1.11 × 10⁻⁸ | **56× cheaper** | |
| 25 | +| AWS t3.micro (x86/Intel) | x86_64 | $1.38 × 10⁻⁸ | 45× cheaper | |
| 26 | +| **Hetzner CAX11 (ARM/Ampere)** | arm64 | $1.64 × 10⁻⁹ | **380× cheaper** | |
| 27 | +| Hetzner CX22 (x86/Intel) | x86_64 | $2.69 × 10⁻⁹ | 232× cheaper | |
| 28 | + |
| 29 | +### Pricing Sources |
| 30 | + |
| 31 | +- Cloudflare Containers: [$0.0000025/GiB·s, 256 MB minimum](https://developers.cloudflare.com/containers/platform/pricing/) |
| 32 | +- AWS EC2 t4g.micro: [$0.0084/hr, 1 GiB RAM](https://aws.amazon.com/ec2/pricing/on-demand/) |
| 33 | +- AWS EC2 t3.micro: [$0.0104/hr, 1 GiB RAM](https://aws.amazon.com/ec2/pricing/on-demand/) |
| 34 | +- Hetzner CAX11: [€3.29/mo, 4 GiB RAM](https://www.hetzner.com/cloud/) |
| 35 | +- Hetzner CX22: [€5.39/mo, 4 GiB RAM](https://www.hetzner.com/cloud/) |
| 36 | + |
| 37 | +EUR→USD conversion: 1.09. |
| 38 | + |
| 39 | +## Scenario Breakdown |
| 40 | + |
| 41 | +### Lightweight Code Snippets |
| 42 | + |
| 43 | +This is where Secure Exec shines the most. |
| 44 | + |
| 45 | +- **~3.4 MB baseline** instead of 256 MB — you fit ~75× more executions per GB of RAM |
| 46 | +- Executions are **bin-packed** onto instances to maximize capacity utilization |
| 47 | +- Cold starts are **~16 ms** (p95) instead of **~950 ms** — you're not paying for time waiting for a sandbox to boot |
| 48 | +- On Hetzner ARM, lightweight snippets are **380× cheaper** than the cheapest sandbox provider |
| 49 | + |
| 50 | +### Heavyweight Execution (e.g. Dev Servers) |
| 51 | + |
| 52 | +Memory overhead matters less when dev servers use 512 MB+ regardless. |
| 53 | + |
| 54 | +- The advantage shifts to **hardware choice**: you pick your cloud, instance type, and region |
| 55 | +- Sandbox providers vendor-lock you to their hardware and pricing |
| 56 | +- Self-hosted options like **Hetzner** or **AWS Spot instances** can dramatically reduce costs |
| 57 | +- No egress fees on most self-hosted providers |
| 58 | + |
| 59 | +### Summary |
| 60 | + |
| 61 | +| Workload | Primary cost advantage | |
| 62 | +| --------------------- | ----------------------------------------- | |
| 63 | +| Light snippets | 56–380× cheaper (memory + cold start) | |
| 64 | +| Heavy (dev servers) | Hardware choice, no vendor lock-in | |
| 65 | +| High concurrency | Bin-packing, no per-sandbox minimums | |
| 66 | + |
| 67 | +See also: [Sandbox vs. Secure Exec](/docs/sandbox-vs-secure-exec) for a feature-level comparison. |
0 commit comments