Content Jul 12, 2024

Demystifying and Optimizing AWS Data Transfer Costs

by Danielle Vansia and Emily Dunenfeld

Data transfer costs can end up being the largest item on your bill if they're not properly managed. Ensure you're not overpaying by using network visibility tools and optimization techniques.

Contents

Data transfer charges are a huge driver of costs, and a simple misconfiguration can cost you thousands. Pricing can be complex since it depends on several factors, such as traffic type and specific service. Cost troubleshooting and optimization can feel like shooting in the dark because AWS only shows a high-level view of total costs.

We explain popular and lesser-known optimization strategies, as well as how to view costs more granularly, such as per resource or by traffic category, so you can better understand the drivers behind your costs.

AWS Data Transfer Costs

First, let’s recap on the basics of data transfer costs. Costs and pricing dimensions vary per service but mostly share the following guidelines:

Data Transfer Traffic Category Intra-Region Inter-Region Internet
Description Data transferred between AWS services within the same region. Priced the least out of the three traffic category options. Data transferred between AWS services in different regions. Data transferred over the internet. Priced the most out of the three traffic category options.
Specific Traffic Category AZs (Availability Zones)
Same AZ: Data transferred within the same region, and AZ is free.

Different AZ: Data transferred within the same region but different AZ is sometimes free or has a cost that is relatively low compared to other traffic categories. 		Location
The cost varies depending on the source and destination region. For example, for EC2, pricing from US East (Ohio) to US East (N. Virginia) is $0.01 per GB, while pricing from US East (Ohio) to Asia Pacific (Tokyo) is $0.02. 		Monthly Data Transferred Amount
Pricing is tiered by TB and priced lower for more data transferred. There is also a free tier of 100GB, aggregated across all services and regions (except China and GovCloud).
Inbound/Outbound When inter-region costs occur, you may be charged twice—both for inbound and outbound. Charges only apply to outbound data. Charges only apply to outbound data (data transferred to the internet).
Usage Type Region-DataTransfer-Regional-Bytes
  • Source Region-Destination Region-AWS-In-Bytes (no corresponding charge)
  • Source Region-Destination Region-AWS-Out-Bytes
  • Source Region-AWS-In-Bytes (no corresponding charge)
  • Source Region-AWS-Out-Bytes
  • Region-DataTransfer-In-Bytes (no corresponding charge)
  • Region-DataTransfer-Out-Bytes

Data transfer cost and pricing dimensions

Remember, other charges and exceptions might occur, so it’s best to check the pricing page for specific services. Amazon CloudFront, NAT gateways, transit gateways, load balancers, and AWS PrivateLink are some examples of services with different or additional pricing specifications (e.g., data processing charges).

Optimization Strategies for AWS Data Transfer Costs

When architecting your AWS infrastructure, it’s important to keep in mind the pricing hierarchy of traffic categories. Generally, the order from least to most expensive is intra-region (same AZ), intra-region (different AZ), inter-region, then internet.

Use Intra-Region AWS Data Transfer When Possible

Whenever possible, transfer data within the same AZ to minimize costs (though this may not be feasible for use cases requiring high availability). The next best option (price-wise) is transferring within the same region but different AZs (though this is not always possible because of potential latency impacts).

For the same region but different AZs use cases, CloudFront could be a good option if you have high volumes of data, since there are no data transfer costs between CloudFront and AWS services within the same region. There is also an interesting S3 workaround (if latency is not a concern) where you can sidestep data transfer costs for intra-region, same AZ use cases since most S3 storage classes go by region rather than AZ granularity. See this article for additional insights.

Inter-Region AWS Data Transfer

Inter-region transfer should only be used in specific situations. According to Amazon, utilizing a multi-region approach should be a “very thoughtful decision” due to the increased cost—namely, if your use case prior requires high availability and is latency-critical. In these cases, it’s worth noting that some regions have cheaper transfer costs than others, and you should choose one of the less expensive regions when possible.

Also, while more expensive than intra-region transfer, it’s still generally cheaper than internet transfer. To avoid transferring data through the public internet, use VPC endpoints and/or AWS Direct Connect.

Inter-Region Instead of Internet for AWS Data Transfer Using VPC Endpoints and/or Direct Connect

VPC endpoints are a feature of PrivateLink that connects your VPC to supported AWS services and supported external services without using public IPs. External services like Datadog, Snowflake, MongoDB, and more support PrivateLink. Since you avoid transferring over the internet, this can save you 80% compared to NAT gateways. We wrote an in-depth guide here.

For on-premises use cases where you are transferring a lot of data, Direct Connect can be used to connect with PrivateLink to connect your on-premises network to AWS and can help you save compared to internet costs.

Internet AWS Data Transfer Optimization Strategies (NAT Gateway Optimization and CloudFront)

Though it comes with the most expensive data transfer costs, transferring data to the internet is sometimes necessary. Fortunately, there are still ways to optimize and save. For example, if you are using NAT gateways, ensure that the resources sending the most traffic are in the same AZ as the NAT gateway.

CloudFront is another great way to save. It can significantly reduce data transfer costs for outbound traffic to the internet by caching content closer to the end-users, reducing the need for repetitive data transfers from your origin.

How to See AWS Data Transfer Costs

You can use the above best practices and tips to help optimize your AWS data transfer strategies and reduce costs; however, getting more visibility into your network flows can help you better understand what exactly is driving those costs.

When you analyze data on the AWS Cost and Usage Report (CUR) or in Cost Explorer, you can see billing line items such as USW2-DataTransfer-Regional-Bytes, which, in this example, means data transfer within the US West (Oregon) region.

Sample Cost Explorer Report Grouped by Data Transfer Usage Types

Sample Cost Explorer Report Grouped by Data Transfer Usage Types

This level of detail, however, captures only a high-level view and your total data transfer costs. Network Flow Reports in Vantage go beyond this by providing detailed insights into the actual flow of data, helping you understand specific cost drivers. These reports analyze the actual usage across how much network traffic has gone out across AZ or any egress out and then tie this analysis to specific resources, normalized by cost for each flow.

With Network Flow Reports, you can:

  • Identify the exact source and destination of the flows within your network
  • Review specific metadata related to resources and peer resources, like region subnet, etc.
  • Understand the estimated cost of each network flow for optimization

Consider the below examples to further understand how you can view network flows per resource as well as your overall network flows across Availability Zones.

Example 1: View Network Flows Per Resource

You review a Cost Report and can see various data transfer-related charges as well as overall costs for a particular resource. You want to go deeper and explore costs attributed to specific network flows per individual resource.

  1. In the below example, the Cost Report is grouped by Resource. For each resource that generates network traffic, the Network Costs button is displayed. Click this button to see additional network flow information.
  2. A Network Flow Report is displayed that is filtered to flows coming from that specific resource. The resource, traffic category (e.g., cross-az), and peer resource are displayed along with the flow volume and estimated cost per flow. Analyze the flow volume and cost impact of each network flow. Identify any unusual spikes or patterns that could indicate inefficiencies or misconfigurations.
  3. Select a specific flow from the table to see additional metadata. The Flow Log Metadata panel is displayed, which provides other metadata, like associated resource types. Use this information to review the associated IP addresses, VPCs, and subnets for any potential security issues.

Creating a new Network Flow Report in Vantage

Example 2: Analyze Cross-AZ Flows

As previously discussed, same region, cross-AZ traffic can sometimes generate unexpected costs. Network Flow Reports are useful for displaying your cross-AZ traffic and associated flows. A cross-AZ Network Flow Report is provided, by default, when you get started. The instructions below demonstrate how to re-create this report and add additional fields.

  1. Create a new Network Flow Report.
  2. From the top left of the screen, expand the Filters panel. Click + New Rule and create the following filter: Traffic Category is cross-az.
  3. Click Add, then click Apply.

    Adding filters to a Network Flow Report to analyze cross-AZ traffic

  4. The current report shows Resource UUID and Peer Resource UUID. You can add grouping criteria to further refine the view and see additional information about each flow. For example:
    1. If you want to see source and destination AZs, you can remove the Traffic Category group and group by Availability Zone ID and Peer Availability Zone ID. You can then rearrange the columns in the table to create a full view of source and destination traffic from one AZ to the other. Evaluate whether this traffic is essential for your infrastructure. Could you place dependent resources within the same AZ to minimize cross-AZ data transfer?

      Adding grouping criteria to a Network Flow Report to identify source and destination AZs

    2. Consider setting other grouping criteria, like Source and Destination Hostname. By identifying the specific hostnames involved in cross-AZ traffic, you can get a better idea of the applications or services that are communicating across AZs.

Conclusion

Optimizing AWS data transfer costs is important for effective cloud cost management—as infrastructure misconfigurations can cost you thousands! By adopting the strategic data transfer practices outlined here, and using network visibility tools, like Network Flow Reports in Vantage, you can avoid unnecessary expenses and get a better understanding of the drivers behind AWS network costs.

Monitor your AWS costs.

Get visibility into the specific drivers behind your network costs with Network Flow Reports in Vantage.

Join our Slack Group

Interested in this type of content? Join our growing
Slack community of over 1,000 cloud professionals

Join Slack Group
More from the blog
Content • Jan 2, 2025
Datadog vs Grafana Pricing Comparison

Grafana is a strong competitor to the monitoring and observability features of Datadog for a fraction of the price.

Content • Nov 21, 2024
AWS Savings Plan and Reserved Instance Policy Changes for Resellers

AWS is implementing a policy update that will no longer allow Reserved Instances and Savings Plans to be shared across end customers.

Content • Nov 8, 2024
FinOps as Code: Exploring Active Resource Data

Use FinOps as Code to explore all your active cost-generating provider resources.

Tools for developers to analyze,
report on and reduce cloud costs.

© VNTG Inc.

Features
Documentation
Community
Company