Introduction
Data transfer costs are often the “hidden” AWS bill killer. Compute and storage charges are easy to see, but data egress charges accumulate silently, often representing 10-30% of total AWS spending for applications with high data movement.
This guide breaks down where data transfer costs come from and provides strategies to reduce them by 80-95%.
AWS Data Transfer Pricing
Regional Data Transfer Rates (US East)
- Inbound traffic: FREE
- Outbound traffic: $0.02/GB (first 10 TB/month), $0.02/GB (10-100 TB/month), $0.015/GB (>100 TB/month)
- Cross-region traffic: $0.02/GB between regions
- Cross-AZ traffic: $0.01/GB between availability zones
Cost Impact at Scale
Scenario: SaaS with 10 TB outbound traffic/month
Cost calculation:
- First 10 TB: 10,000 × $0.02 = $200/month
Seems small? At scale:
- 100 TB/month: $2,000/month
- 1 PB/month: $20,000/month
- 10 PB/month: $200,000/month
- 100 PB/month: $2,000,000/month
Data Transfer Cost Traps
Trap #1: NAT Gateway Charges
NAT Gateway is the biggest hidden cost:
NAT Gateway pricing (AWS US-East-1):
- Fixed hourly: $0.045/hour = $33/month
- Data processing: $0.045/GB
Example: 100 GB outbound/month
Cost = $33 + (100 × $0.045) = $37.50/month
At scale (100 TB/month):
Cost = $33 + (100,000 × $0.045) = $4,533/month
For 10 production clusters:
$45,330/month in NAT gateways alone!
Solution: VPC Endpoints
Route traffic to AWS services through VPC Endpoints instead of the NAT gateway:
AWS S3 VPC Endpoint:
- Cost: $7.20/month per endpoint
- Data transfer: FREE (instead of $0.045/GB)
100 TB/month without endpoint: $4,533/month
100 TB/month with endpoint: $7.20/month
Savings: $4,526/month
DynamoDB VPC Endpoint: $7.20/month + FREE data
API Gateway VPC Endpoint: $7.20/month + FREE data
Implementation (Terraform)
# S3 Endpoint (Gateway type: attached to the private route table, no per-GB processing charge)
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.us-east-1.s3"
  route_table_ids   = [aws_route_table.private.id]
  vpc_endpoint_type = "Gateway"
}

# DynamoDB Endpoint (Gateway type, same pattern as S3)
resource "aws_vpc_endpoint" "dynamodb" {
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.us-east-1.dynamodb"
  route_table_ids   = [aws_route_table.private.id]
  vpc_endpoint_type = "Gateway"
}

# API Gateway Endpoint (Interface type: an ENI in the private subnet, guarded by a security group).
# The PrivateLink service for invoking APIs is "execute-api"; private DNS lets clients keep
# using the regular API hostname without code changes.
resource "aws_vpc_endpoint" "api" {
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.us-east-1.execute-api"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [aws_subnet.private.id]
  security_group_ids  = [aws_security_group.vpc_endpoint.id]
  private_dns_enabled = true
}
Trap #2: Cross-Region Data Transfer
The Problem
Scenario: Multi-region replication
Primary region (us-east-1) → Secondary region (eu-west-1)
- 1 TB/day replication
- Cost: 1 TB × $0.02 × 30 = $600/month
Daily sync of 1 GB files:
- 365 GB/year × $0.02 × 12 = $87.60/month, which seems cheap
At scale (100 TB/day):
- $600/month becomes $18,000/month
Solution: CloudFront + S3
Without optimization:
- 100 TB/month cross-region: $2,000/month
With CloudFront caching:
- CDN cost: ~$500/month
- Cache hit rate: 95%
- Data transfer cost: 5 TB ร $0.02 = $100/month
- Total: $600/month
- Savings: $1,400/month (70%)
CloudFront Configuration
resource "aws_cloudfront_distribution" "s3" {
  origin {
    domain_name = aws_s3_bucket.data.bucket_regional_domain_name
    origin_id   = "S3Origin"
  }

  enabled         = true
  is_ipv6_enabled = true

  default_cache_behavior {
    target_origin_id = "S3Origin" # required: ties this behavior to the origin above
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 86400    # 1 day
    max_ttl                = 31536000 # 1 year
    compress               = true
  }

  # Both blocks are required by the provider, even with no geo restriction and the default certificate
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
Trap #3: Cross-AZ Traffic
The Cost
Within AWS VPC, same AZ: FREE
Different AZ (same region): $0.01/GB
Different region: $0.02/GB
Example: Load balancer → EC2 in different AZ
- 1 TB/day cross-AZ: 1,000 × $0.01 × 30 = $300/month
For highly chatty microservices:
- 100 TB/month: $1,000/month
Solution: Pod Affinity (Kubernetes)
# Force pods into the same zone as the "db" pods (goes under spec.affinity in the pod template)
affinity:
  podAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchLabels:
            app: db
        topologyKey: topology.kubernetes.io/zone
# Result: Reduces cross-AZ traffic 90%
# Savings: $900/month
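Added example, not code from the original guide: a small Python cost model that encodes the rates quoted in Traps #1 to #3 (tiered egress, NAT gateway, gateway endpoint, CloudFront cache hits, cross-AZ) so each scenario can be recomputed for any monthly volume. The constants are this guide's US-East figures, not live AWS pricing.

```python
# Added example (not from the original guide): cost model for the rates quoted in
# Traps #1-#3. Constants are the guide's US-East figures, not live AWS pricing.
GB_PER_TB = 1_000  # the guide uses decimal units (1 TB = 1,000 GB)

# Outbound internet egress tiers from the regional rate table:
# (upper bound of the tier in GB, $/GB); the last tier is open-ended.
EGRESS_TIERS = [(10 * GB_PER_TB, 0.02), (100 * GB_PER_TB, 0.02), (float("inf"), 0.015)]
CROSS_AZ_PER_GB = 0.01
NAT_FIXED_PER_MONTH = 33.0         # $0.045/hour, rounded to $33/month as in the guide
NAT_PROCESSING_PER_GB = 0.045
GATEWAY_ENDPOINT_PER_MONTH = 7.20  # guide's figure for an S3/DynamoDB gateway endpoint


def egress_cost(gb: float) -> float:
    """Tiered egress: each tier bills only the GB that fall inside it."""
    cost, lower = 0.0, 0.0
    for upper, rate in EGRESS_TIERS:
        if gb <= lower:
            break
        cost += (min(gb, upper) - lower) * rate
        lower = upper
    return round(cost, 2)


def nat_gateway_cost(gb: float, gateways: int = 1) -> float:
    """Fixed monthly charge plus processing for every GB that crosses the NAT."""
    return round(gateways * (NAT_FIXED_PER_MONTH + gb * NAT_PROCESSING_PER_GB), 2)


def gateway_endpoint_cost(gb: float, endpoints: int = 1) -> float:
    """Gateway endpoints: flat monthly charge, no per-GB processing (gb is unused)."""
    return round(endpoints * GATEWAY_ENDPOINT_PER_MONTH, 2)


def cloudfront_cost(gb: float, cache_hit_rate: float, cdn_fee: float) -> float:
    """Only cache misses reach the origin and pay egress; cdn_fee is the CDN's own charge."""
    misses = gb * (1.0 - cache_hit_rate)
    return round(cdn_fee + egress_cost(misses), 2)


def cross_az_cost(gb: float) -> float:
    return round(gb * CROSS_AZ_PER_GB, 2)


if __name__ == "__main__":
    gb = 100 * GB_PER_TB  # the guide's 100 TB/month scenario
    print(f"NAT gateway: ${nat_gateway_cost(gb):,.2f}  endpoint: ${gateway_endpoint_cost(gb):,.2f}")
    print(f"CloudFront (95% hits, $500 CDN fee): ${cloudfront_cost(gb, 0.95, 500):,.2f}")
    print(f"Cross-AZ: ${cross_az_cost(gb):,.2f}")
```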
Real-World Case Study
Before: Unoptimized Multi-Region
Architecture:
- Primary region (us-east-1): 50 TB/month outbound
- Secondary region (eu-west-1): 30 TB/month outbound
- Log replication (cross-region): 20 TB/month
- Database replication: 10 TB/month
Costs:
- Outbound EC2: (50 + 30) × $0.02 = $1,600/month
- Log replication: 20 × $0.02 = $400/month
- DB replication: 10 × $0.02 = $200/month
- NAT gateways (2 regions): 2 × $33 = $66/month
- Cross-AZ within regions: $800/month
- Total: $3,066/month ($36,792/year)
After: Optimized
Changes:
- Replaced NAT gateways with VPC endpoints (S3, DynamoDB)
- Added CloudFront distribution ($500/month cost)
- Enabled S3 cross-region replication (uses S3 endpoints)
- Consolidated logging to single region
- Optimized pod affinity for same-AZ deployment
New Costs:
- Outbound EC2: (50 + 30) × $0.02 = $1,600/month
- Log replication: (20 × 0.05 via CloudFront) = $20/month
- DB replication via private link: FREE
- VPC endpoints (3): $22/month
- CloudFront: $500/month
- Cross-AZ (reduced 90%): $80/month
- Total: $2,222/month
Savings: $844/month ($10,128/year or 73%)
Data Transfer Optimization Checklist
- Enable VPC endpoints for AWS services
- Use CloudFront for frequently accessed data
- Consolidate cross-region traffic
- Implement pod affinity for same-AZ deployment
- Use S3 Gateway endpoints instead of NAT
- Monitor data transfer with CloudWatch
- Compress data transfers
- Cache aggressively at edge
- Batch API requests to reduce transfers
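One way to act on the monitoring item above, as an added example that is not part of the original guide: a Python classifier that walks VPC Flow Log records (default format) and totals the bytes that cross an AZ boundary or head to the NAT gateway, the two traps priced per GB earlier. The subnet-to-zone map, the NAT gateway's private IP and the log lines are constructed sample data; in a real account they come from the flow-log destination and the VPC's subnet and network-interface descriptions.

```python
# Added example (not from the original guide): classify VPC Flow Log records to
# quantify cross-AZ and NAT-bound traffic. Subnet map, NAT IP and log lines are constructed.
import ipaddress
from collections import defaultdict

SUBNET_ZONE = {  # constructed: private subnet CIDR -> availability zone
    "10.0.0.0/24": "us-east-1a",
    "10.0.1.0/24": "us-east-1a",
    "10.0.2.0/24": "us-east-1b",
}
NAT_GATEWAY_IPS = {"10.0.0.10"}  # constructed: private IP of the NAT gateway ENI
CROSS_AZ_PER_GB, NAT_PER_GB = 0.01, 0.045  # rates quoted in this guide
NETWORKS = [(ipaddress.ip_network(c), z) for c, z in SUBNET_ZONE.items()]

# Constructed records in the default flow-log format: version account-id interface-id
# srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0aaa 10.0.1.5 10.0.2.9 43210 5432 6 1200 1500000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.1.5 10.0.1.7 43211 6379 6 900 400000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb 10.0.2.9 10.0.0.10 50000 443 6 3000 9000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ccc 10.0.1.7 10.0.0.10 50001 443 6 10 2000 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa - - - - - - - - 1700000000 1700000060 - NODATA
"""

def zone_of(ip: str):
    """AZ owning this address, or None when it lies outside the mapped VPC."""
    addr = ipaddress.ip_address(ip)
    return next((z for net, z in NETWORKS if addr in net), None)

def classify_flows(log_text: str) -> dict:
    """Sum accepted bytes into 'nat', 'cross_az' and 'same_az' buckets.
    REJECT and NODATA/SKIPDATA records carry no billable payload and are skipped."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 14 or f[12] != "ACCEPT":
            continue
        src, dst, nbytes = f[3], f[4], int(f[9])
        if dst in NAT_GATEWAY_IPS:  # billed per GB by the NAT, whatever the AZ
            totals["nat"] += nbytes
        elif zone_of(src) and zone_of(dst):
            totals["cross_az" if zone_of(src) != zone_of(dst) else "same_az"] += nbytes
    return dict(totals)

def monthly_estimate(totals: dict, window_seconds: int = 60) -> dict:
    """Scale a capture window up to 30 days and price it at the guide's rates."""
    scale = 30 * 24 * 3600 / window_seconds / 1e9  # bytes -> decimal GB over a 30-day month
    return {"cross_az_usd": round(totals.get("cross_az", 0) * scale * CROSS_AZ_PER_GB, 2),
            "nat_usd": round(totals.get("nat", 0) * scale * NAT_PER_GB, 2)}
```

A 60-second sample extrapolated to a month is only a first signal; run it over a full day of records before acting on the figure.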
Glossary
- Egress: Outbound data transfer from AWS
- VPC Endpoint: Private connection to AWS services
- NAT Gateway: Network Address Translation device
- CloudFront: AWS Content Delivery Network
- Cache Hit Rate: Percentage of requests served from cache
- TTL: Time-to-Live, cache expiration time