Data transfer costs are often overlooked when developing AWS cloud cost strategies.

Most cloud engineers focus primarily on optimizing storage and compute capacity, assuming that is enough to maximize savings.

AWS’s billing for data transfer is complex and opaque.

The lack of transparency makes it difficult to track and understand, causing many customers to miss opportunities for potential savings.

This article explains the concept of AWS data transfer billing. It focuses on the general billing principles and optimization tips.

There are four main ways data can be transferred in AWS:

  • Data Transfer into AWS (Ingress): Data coming from the internet into AWS.
  • Data Transfer within AWS: Data transferred within AWS, such as between different AWS services, availability zones or regions.
  • Data Transfer out of AWS (Egress): Data transferred from AWS to the internet.
  • Data Transfer between AWS and On-Premises: Data transferred between AWS and your on-premises infrastructure.

AWS charges these data transfers based on factors such as region, service, data transfer volume, and applicable taxes.

Data Transfer into AWS

AWS does not charge for inbound data. This applies to traffic coming into AWS, whether from the internet or your on-premises network.

Instead, the requester (the user or system initiating the connection) may incur charges from whatever medium it uses to reach AWS, such as mobile data plans, ISP fees, or VPN costs.

But here’s the twist: Communication is always two-way.

When AWS sends a response to the requester, that outbound traffic is subject to charges (data transfer out of AWS). We’ll cover these charges in more detail in the next sections.

Data Transfer within AWS

AWS has over 200 services, and many of them can communicate with each other. Data transfer within AWS typically happens in two ways:

  • A workload making requests to AWS services (e.g., an app running on an EC2 instance accessing S3).
  • One AWS service making requests to another AWS service (e.g., Lambda accessing DynamoDB).

Charges for data transfer within AWS depend on the specific scenario and location of the resources. Let’s look at different situations:

Data Transfer within AWS in Same Region

When data is transferred within the same region, you’ll typically incur lower charges than for cross-region data transfer. Here are some key points:

  • Same Availability Zone with Private IPv4 or IPv6: Data transfer between compute resources such as EC2 instances or containers within the same Availability Zone (AZ) over private IPv4 or IPv6 addresses is free.

  • Same Availability Zone with Public IP or Elastic IP: When data is transferred over a public IP or Elastic IP, even within the same AZ and VPC, data transfer charges apply in both directions: sending (egress) and receiving (ingress).

  • Different Availability Zone: Data transfer between different AZs and VPCs, regardless of network type (private or public), incurs charges for both ingress and egress. This type of cost is called bi-directional data transfer.

    • For example, if an EC2 instance makes a request to an RDS instance in a different AZ, you will incur charges for four legs: EC2 data out, RDS data in, RDS data out, and EC2 data in.

  • Load Balancer: Data transfer between a Classic Load Balancer or an Application Load Balancer and EC2 instances across AZs within the same region is free.

  • Multi-AZ Replication: Data transfer between multiple AZs for replication purposes, such as with Amazon RDS, is free within the same region.

  • NAT Gateway: When a compute resource (e.g., an EC2 instance or container) accesses AWS services such as S3, SQS, SNS, or ECR through a NAT Gateway, you pay both for the NAT Gateway itself and for every GB of data it processes before the traffic reaches its destination. Reaching these services over a public IP or a VPC Endpoint avoids the NAT Gateway charges; you pay only for the public IP or VPC Endpoint usage itself.

  • CloudFront: Data fetched from an origin such as EC2, S3, or ELB into CloudFront is free.

  • Route 53: Queries to Alias records in Amazon Route 53 are free of charge, unlike queries to other record types such as CNAME, A, and AAAA, which are billed.
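The NAT Gateway point above is worth checking mechanically rather than by eye. As an added example that is not from the article, the Python script below inspects route tables and VPC endpoints and flags every route table whose default route is a NAT gateway but that has no S3 or DynamoDB gateway endpoint attached, meaning requests to those services are billed as NAT-processed data. The two dicts are constructed samples shaped like the EC2 DescribeRouteTables and DescribeVpcEndpoints responses, and all IDs are made up.

```python
# Added example, not from the article: find route tables whose default route is a
# NAT gateway but that lack an S3 or DynamoDB gateway endpoint. Both dicts are
# constructed samples shaped like EC2 DescribeRouteTables / DescribeVpcEndpoints.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-private-a", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1b2c3d"}]},
    {"RouteTableId": "rtb-private-b", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0a1b2c3d"},
        {"DestinationPrefixListId": "pl-s3sample", "GatewayId": "vpce-s3sample"}]},
    {"RouteTableId": "rtb-public", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0f9e8d7c"}]},
]}
VPC_ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-s3sample", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway", "RouteTableIds": ["rtb-private-b"]},
]}
# Only S3 and DynamoDB are offered as gateway endpoints; SQS, SNS and ECR use
# interface endpoints, which are DNS-based and never appear in route tables.
GATEWAY_SERVICES = ("s3", "dynamodb")


def nat_default_route_tables(route_tables):
    """IDs of route tables whose 0.0.0.0/0 route points at a NAT gateway."""
    return {rt["RouteTableId"] for rt in route_tables["RouteTables"]
            for r in rt["Routes"]
            if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("NatGatewayId")}


def gateway_endpoint_coverage(vpc_endpoints):
    """Map 's3'/'dynamodb' -> set of route table IDs a gateway endpoint is attached to."""
    coverage = {svc: set() for svc in GATEWAY_SERVICES}
    for ep in vpc_endpoints["VpcEndpoints"]:
        svc = ep["ServiceName"].rsplit(".", 1)[-1]   # "...us-east-1.s3" -> "s3"
        if ep["VpcEndpointType"] == "Gateway" and svc in coverage:
            coverage[svc].update(ep["RouteTableIds"])
    return coverage


def find_nat_billed_services(route_tables, vpc_endpoints):
    """{route_table_id: [services whose traffic will pay NAT processing charges]}."""
    coverage = gateway_endpoint_coverage(vpc_endpoints)
    findings = {}
    for rtb in sorted(nat_default_route_tables(route_tables)):
        missing = [svc for svc in GATEWAY_SERVICES if rtb not in coverage[svc]]
        if missing:
            findings[rtb] = missing
    return findings


if __name__ == "__main__":
    for rtb, services in find_nat_billed_services(ROUTE_TABLES, VPC_ENDPOINTS).items():
        print(f"{rtb}: {', '.join(services)} traffic is processed and billed by the NAT gateway")
```

Against live data you would feed it the output of describe-route-tables and describe-vpc-endpoints for one VPC; the public route table is correctly ignored because its default route is an internet gateway, not a NAT gateway.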

Data Transfer within AWS in Different Region

Data transfer across regions using VPC Peering or Transit Gateway is charged based on the source region. For example, data transfer out of US West (N. California) costs $0.02/GB and out of US East (Ohio) costs $0.01/GB, while transfers out of US East (Verizon) - Nashville and Tampa are free.

If you pull data from an S3 bucket located in the US West (N. California) region into another region, the cost will be $0.02/GB.

Data Transfer out of AWS

AWS provides 100 GB of free data transfer from AWS to the internet each month for all customers. This allowance applies across all services and regions, excluding China and AWS GovCloud.

Any data transfer beyond this 100 GB is charged based on the service, region, and amount of data transferred.

Data Transfer between AWS and On-Premises

You can connect to AWS from on-premises using either Site-to-Site VPN or Direct Connect.

Site-to-Site VPN

When you set up a Site-to-Site VPN connection, AWS charges for the time the VPN connection is active, based on hourly rates.

In addition, you’ll incur standard AWS data transfer charges for any data sent over the VPN connection.

  • Data transfer into AWS is free.
  • Data transfer out from AWS is charged based on the amount of data transferred from AWS to your on-premises infrastructure.

For example, if you transfer 1,000 GB into AWS and 500 GB out, you’ll only be charged for the 500 GB transferred out of AWS.

Direct Connect

AWS Direct Connect charges are based on three main factors:

  • Data Transfer Capacity: The maximum transfer rate of the connection.
  • Port Speed and Port Hours: The speed of the connection and the duration for which the port is provisioned.
  • Connection Type:
    • Dedicated Connection: A physical connection between your on-premises network and AWS.
    • Hosted Connection: A logical connection provided by an AWS Direct Connect partner, typically more affordable than dedicated connections.

Like Site-to-Site VPN, data transfer into AWS via Direct Connect is free.

Ways to Save on Data Transfer in AWS

  • Use VPC Endpoints: Avoid routing traffic over the internet when accessing AWS services. VPC Endpoints are generally more cost-effective, reduce latency, and keep traffic within AWS’s private network.

  • Avoid Public IP or Elastic IP: Even when transferring data within the same Availability Zone (AZ) and region, using Public IPs or Elastic IPs incurs charges. Stick to private IPs to avoid extra costs.

  • Use Direct Connect for On-Premises Transfers: For transferring data to on-premises infrastructure, consider using Direct Connect. This option is more cost-effective than using the internet for large-scale data transfer.

  • Stay Within the Same AZ When Possible: While multiple AZs provide high availability, keeping your resources within the same AZ can save costs on cross-AZ data transfer.

  • Avoid Cross-Region Data Transfers: Transferring data between AWS regions typically incurs additional charges. Only transfer data across regions if it’s absolutely necessary for your business requirements.

  • Avoid NAT Gateways When Possible: While NAT Gateways provide secure access to AWS services, they come with high data processing costs. Instead, use VPC Endpoints (VPCE) where possible to reduce costs.

  • Consider Amazon CloudFront: When transferring data to internet users, Amazon CloudFront is usually cheaper than transferring data directly from AWS regions. It also reduces latency for global content delivery.

  • Choose Cost-Effective Regions: Data transfer pricing varies by region. If you don’t have strict compliance or latency requirements, choose the most cost-effective region for your workloads.

  • Use S3 Requester Pays: If you store large objects in Amazon S3 and other AWS accounts need to access them, you can enable the Requester Pays feature. This feature shifts the cost of downloading the objects from the bucket owner to the requester. The requester must be a valid AWS account holder (not an anonymous user) in order to incur the download costs.

  • Sign Up for the AWS Data Transfer Private Pricing Program: If your organization has significant data transfer needs, enroll in the AWS Data Transfer Private Pricing Program to negotiate better rates based on your usage.

  • Use Monitoring Tools: Leverage tools like AWS Cost & Usage Reports or third-party monitoring tools to track your data transfer costs and identify areas where you can optimize.
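One way to put the monitoring tip into practice, as an added example that is not from the article: a Python script that buckets Cost and Usage Report (CUR) line items into the transfer categories discussed above, so the category that dominates the bill stands out. The CSV rows are constructed samples using real CUR column names, and the usage-type patterns are my assumptions modelled on AWS's usual naming (for instance "USE1-DataTransfer-Regional-Bytes"), so verify them against your own report before relying on the totals.

```python
# Added example, not from the article: bucket CUR line items into the data-transfer
# categories the article describes. The CSV is a constructed sample with real CUR
# column names; the usage-type patterns are assumptions and must be checked.
import csv
import io
import re
from collections import defaultdict

SAMPLE_CUR = """\
lineItem/ProductCode,lineItem/UsageType,lineItem/UsageAmount,lineItem/UnblendedCost
AmazonEC2,USE1-DataTransfer-Regional-Bytes,2500,25.00
AmazonRDS,USE1-DataTransfer-Regional-Bytes,2500,25.00
AmazonEC2,USE1-DataTransfer-Out-Bytes,1800,153.00
AmazonEC2,USE1-USW1-AWS-Out-Bytes,400,8.00
AmazonEC2,USE1-NatGateway-Bytes,3000,135.00
AmazonEC2,USE1-NatGateway-Hours,720,32.40
AmazonEC2,USE1-DataTransfer-In-Bytes,9000,0.00
"""

# First matching pattern wins; UsageAmount for *-Bytes usage types is reported in GB.
CATEGORIES = [
    ("internet egress", re.compile(r"DataTransfer-Out-Bytes$")),
    ("cross-AZ (regional)", re.compile(r"DataTransfer-Regional-Bytes$")),
    ("inter-region", re.compile(r"^[A-Z0-9]+-[A-Z0-9]+-AWS-Out-Bytes$")),
    ("NAT gateway processing", re.compile(r"NatGateway-Bytes$")),
    ("ingress (free)", re.compile(r"DataTransfer-In-Bytes$")),
]


def classify(usage_type):
    """Data-transfer category for a usage type, or None when it is not data transfer."""
    for name, pattern in CATEGORIES:
        if pattern.search(usage_type):
            return name
    return None


def transfer_cost_by_category(cur_csv):
    """Sum GB and unblended cost of data-transfer rows per category."""
    totals = defaultdict(lambda: {"gb": 0.0, "cost": 0.0})
    for row in csv.DictReader(io.StringIO(cur_csv)):
        category = classify(row["lineItem/UsageType"])
        if category is None:       # instance hours, NAT hourly fee, etc. are not transfer
            continue
        totals[category]["gb"] += float(row["lineItem/UsageAmount"])
        totals[category]["cost"] += float(row["lineItem/UnblendedCost"])
    return dict(totals)


if __name__ == "__main__":
    for cat, t in sorted(transfer_cost_by_category(SAMPLE_CUR).items(), key=lambda kv: -kv[1]["cost"]):
        print(f"{cat:24s} {t['gb']:8.0f} GB  ${t['cost']:8.2f}")
```

Note that the NAT gateway hourly fee is deliberately left out of the transfer totals; only the per-GB processing charge is data transfer in the sense this article uses.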

I hope this article was helpful to you. Please share your feedback in the comments below.

Thanks for reading,

-Alon