Learn DevOps: Data Transfer Costs — Egress Fees, Multi-Region Costs, NAT Gateway, Direct Connect, CloudFront

Data Transfer Costs — Egress Fees, Multi-Region Costs, NAT Gateway, Direct Connect, CloudFront

DodaTech Updated Jun 20, 2026 9 min read

Data transfer costs are the most surprising item on cloud bills. Egress traffic (data leaving a cloud provider) is priced at a premium, and inter-region or cross-cloud transfers add up fast. This guide covers strategies to minimize data transfer costs across AWS, Azure, and GCP.

What You’ll Learn

You’ll understand egress pricing models, optimize multi-region architectures, reduce NAT Gateway costs, use Direct Connect and CloudFront for cheaper transfer, and implement patterns that minimize cross-cloud data movement. DodaZIP’s distributed compression pipeline processes data across three regions — optimizing transfer was critical to keeping costs under control.

Why Data Transfer Costs Matter

Data transfer can account for 10-25% of total cloud spend. A single misconfigured architecture — like an application that reads data from a different region — can cost more in transfer than the compute it runs on. Unlike compute and storage, transfer costs are harder to optimize because they’re tied to architecture decisions.

Learning Path

    flowchart LR
  A[Storage Optimization] --> B[Data Transfer<br/>You are here]
  B --> C[Direct Connect]
  C --> D[CDN Optimization]
  style B fill:#f90,color:#fff

AWS Data Transfer Pricing

Egress Pricing Tiers

Direction	Price/GB	Notes
To internet (first 1GB/month)	Free	Per account
To internet (up to 10TB/month)	$0.09/GB	First 10TB
To internet (10-50TB)	$0.085/GB	Next 40TB
To internet (50-150TB)	$0.07/GB	Next 100TB
To internet (150-500TB)	$0.05/GB
Between AZs (same region)	$0.01/GB	Both directions
Between regions	$0.02-0.09/GB	Varies by region pair
CloudFront to internet	$0.085/GB	Cheaper than direct egress

NAT Gateway Costs

# NAT Gateway pricing (per hour + per GB processed)
# $0.045/hour + $0.045/GB processed
# A NAT Gateway processing 10TB/month = $32.40 + $450 = $482.40

# Alternatives for cost savings:
# 1. Use NAT instances (EC2-based, cheaper but less reliable)
# 2. Use VPC endpoints for AWS services
# 3. Use Gateway VPC endpoints (S3, DynamoDB) — free
# 4. Use PrivateLink for specific services

Multi-Region Architecture Optimization

Data Gravity Principle

Keep compute close to data. Processing data in a different region than where it’s stored incurs per-GB transfer costs:

def estimate_multi_region_cost(data_size_gb, regions):
    """Estimate monthly data transfer cost across regions"""

    # Inter-region transfer rates (us-east-1 ↔ eu-west-1)
    INTER_REGION_RATE = 0.02  # $/GB

    cost = data_size_gb * INTER_REGION_RATE * len(regions) * 2  # bidirectional
    return cost

# Example: 10TB data processed across 3 regions
monthly_cost = estimate_multi_region_cost(10000, ['us-east-1', 'eu-west-1', 'ap-southeast-1'])
print(f"Monthly inter-region transfer cost: ${monthly_cost:,.2f}")
# Monthly inter-region transfer cost: $600.00

Direct Connect vs VPN vs Internet

Connection Type	Setup Cost	Monthly Cost	Latency	Bandwidth	Recommended For
Internet (public)	$0	Varies by usage	Variable	Up to 100 Gbps	Development, non-critical
Site-to-Site VPN	$0	$0.05/hour	Medium	Up to 1.25 Gbps per tunnel	Small workloads
Direct Connect	$1,000+	$200+/month	Low/consistent	50 Mbps - 100 Gbps	Production, high-volume
Direct Connect Gateway	$0	Same as DX	Low	Same as DX	Multi-region

CloudFront (CDN) Cost Optimization

# CloudFront pricing
# US/Europe: $0.085/GB first 10TB
# Asia: $0.14/GB
# South America: $0.25/GB

# Enable CloudFront for:
# 1. Static assets (images, CSS, JS)
# 2. Origin shield to reduce origin calls
# 3. Price class selection (US+Europe only vs all)

# CloudFront Origin Shield
# Adds a caching layer before origin, reducing origin load by 60-80%
aws cloudfront update-distribution \
  --id DISTRIBUTION_ID \
  --origin-shield-enabled \
  --origin-shield-origin-shield-region us-east-1

Azure Data Egress

# Azure egress pricing (from US regions)
# To internet: $0.087/GB first 10TB
# Between regions: $0.01-0.05/GB
# Within region (VNet peering): $0.01/GB both directions

# Use Azure CDN for public content delivery
az cdn profile create \
  --name my-cdn \
  --resource-group my-rg \
  --sku Standard_Microsoft

# Use Azure Front Door for global routing with caching
az afd profile create \
  --profile-name my-afd \
  --resource-group my-rg \
  --sku Premium_AzureFrontDoor

GCP Data Transfer

# GCP egress pricing
# To internet: $0.12/GB first 10TB (premium tier)
# To internet: $0.08/GB (standard tier, lower SLA)
# Between regions: $0.01-0.08/GB

# Use Cloud CDN to reduce egress
gcp compute backend-services create my-backend \
  --global \
  --enable-cdn \
  --cdn-policy '{"cacheMode":"CACHE_ALL_STATIC","defaultTtl":86400}'

# Use Cloud NAT with static IPs for predictable egress
gcp compute routers nats create cloud-nat \
  --router=my-router \
  --region=us-central1 \
  --nat-external-ip-pool=auto \
  --nat-all-subnet-ip-ranges

Cost Comparison: Data Transfer Patterns

Pattern	AWS	Azure	GCP	Savings Strategy
Same AZ (private IP)	Free	Free	Free	Co-locate dependent services
Same region (private IP)	Free	Free	Free	Keep services in one region
Cross-AZ (same region)	$0.01/GB	$0.01/GB	$0.01/GB	Minimize AZ-crossing traffic
Cross-region	$0.02-0.09/GB	$0.01-0.05/GB	$0.01-0.08/GB	Use Direct Connect or peering
Internet egress	$0.09/GB	$0.087/GB	$0.08-0.12/GB	Use CDN for public content
To on-premises (VPN)	$0.09/GB	$0.087/GB	$0.08/GB	Use Direct Connect
To on-premises (DX)	$0.00/GB	$0.00/GB	$0.00/GB	DX egress included in port fee

NAT Gateway Optimization

# Calculate NAT Gateway vs VPC Endpoint cost
nat_cost_per_hour = 0.045
nat_cost_per_gb = 0.045
gw_endpoint_cost_per_hour = 0.01
gw_endpoint_cost_per_gb = 0.01  # Often $0 for S3/DynamoDB

data_processed_gb = 10000  # 10 TB

nat_total = (nat_cost_per_hour * 730) + (nat_cost_per_gb * data_processed_gb)
gw_total = (gw_endpoint_cost_per_hour * 730) + (gw_endpoint_cost_per_gb * data_processed_gb)

print(f"NAT Gateway cost: ${nat_total:,.2f}/month")
print(f"VPC Endpoint cost: ${gw_total:,.2f}/month")
print(f"Savings: ${nat_total - gw_total:,.2f}/month ({(1-gw_total/nat_total)*100:.0f}%)")

# Output:
# NAT Gateway cost: $482.85/month
# VPC Endpoint cost: $107.30/month
# Savings: $375.55/month (78%)

Common Data Transfer Mistakes

1. Assuming Same-Region Transfer Is Free

Same-region transfer between VPCs is NOT free unless they’re peered. VPC peering within the same region costs $0.01/GB for data processed (not transferred). Transit Gateway costs $0.02/GB per attachment.

2. Using Public IPs for Internal Traffic

Traffic over public IPs within the same AZ costs $0.01/GB. Using private IPs is free. Always configure applications to use private IPs for internal communication.

3. Not Using CDN for Static Assets

Serving images, CSS, and JS files directly from S3/Blob Storage costs $0.09/GB egress. CloudFront/CDN costs $0.085/GB egress AND reduces origin load. For global audiences, CDN is both cheaper and faster.

4. Processing Data in Wrong Region

Data generated in us-east-1 but processed in eu-west-1 incurs cross-region transfer costs. Process data where it’s generated (data gravity principle). Use region-specific processing pipelines.

5. Overusing NAT Gateways

Each NAT Gateway costs $32.40/month (idle) + $0.045/GB processed. One NAT Gateway per AZ can serve all private subnets in that AZ. Use VPC endpoints for S3, DynamoDB, and other AWS services to bypass NAT entirely.

6. Ignoring CloudFront Origin Shield

CloudFront Origin Shield adds a regional caching layer that reduces origin fetches by 60-90%. For high-volume origins, Origin Shield reduces both transfer costs and origin load.

7. Cross-Cloud Data Transfer Without Compression

Transferring uncompressed data between clouds multiplies costs. Compress before transfer (gzip reduces 3-10x for text). Use streaming compression for real-time data.

Practice Questions

1. Why is egress traffic more expensive than ingress? Cloud providers egress pricing reflects the asymmetry of the internet — most data flows from cloud to users. Ingress is often free to encourage data upload. Egress pricing also discourages leaving the provider.

2. How does CloudFront reduce data transfer costs? CloudFront caches content at edge locations, serving requests without reaching the origin. Cache hits cost $0.0075-$0.085/GB (edge egress) vs $0.09/GB (direct S3 egress). Origin Shield further reduces origin transfer.

3. When does a Direct Connect connection pay for itself? If you transfer 5+ TB/month to on-premises, Direct Connect’s flat fee ($200-1000/month) is cheaper than internet egress ($0.09/GB × 5000GB = $450/month). At 10TB/month, savings exceed $700/month.

4. What’s the cheapest way to transfer data between AWS accounts? Use VPC peering (within same region, free for data transfer, costs $0.01/GB for data processing). For cross-region, use Direct Connect Gateway or Transit Gateway. Avoid public internet.

5. Challenge: Your application serves 50TB/month of static assets to users across North America and Europe. Currently serving from S3 in us-east-1. Design a cost-optimized delivery architecture. Answer: Add CloudFront distribution with price class “US+Europe only”. Enable Origin Shield in us-east-1. Set TTL of 7 days for static assets. This reduces egress cost by 30-40% (CloudFront pricing vs direct S3) and improves latency.

Mini Project: Transfer Cost Analyzer

Create a script that analyzes data transfer costs for your AWS architecture:

#!/bin/bash
# transfer_cost_report.sh — Analyze data transfer costs

echo "=== Data Transfer Cost Analysis ==="
echo "Date: $(date)"
echo ""

# 1. Analyze NAT Gateway costs
echo "--- NAT Gateways ---"
for nat in $(aws ec2 describe-nat-gateways --query 'NatGateways[].NatGatewayId' --output text); do
    # Get processed bytes
    bytes=$(aws cloudwatch get-metric-statistics \
      --namespace AWS/NATGateway \
      --metric-name BytesOutToDestination \
      --dimensions Name=NatGatewayId,Value=$nat \
      --start-time $(date -d '30 days ago' +%Y-%m-%dT%H:%M:%SZ) \
      --end-time $(date +%Y-%m-%dT%H:%M:%SZ) \
      --period 2592000 \
      --statistics Sum \
      --output json | jq -r '.Datapoints[0].Sum // 0')

    gb=$(echo "scale=2; $bytes / 1073741824" | bc)
    nat_cost=$(echo "scale=2; ($nat_cost_per_hour * 730) + (0.045 * $gb)" | bc 2>/dev/null || echo "N/A")

    echo "NAT Gateway: $nat"
    echo "  Data processed: ${gb} GB/month"
    echo "  Estimated cost: \$${nat_cost:-N/A}/month"
done

# 2. Analyze VPC Peering costs
echo ""
echo "--- VPC Peerings ---"
for peering in $(aws ec2 describe-vpc-peering-connections \
    --query 'VpcPeeringConnections[].VpcPeeringConnectionId' --output text); do
    status=$(aws ec2 describe-vpc-peering-connections \
      --vpc-peering-connection-ids $peering \
      --query 'VpcPeeringConnections[0].Status.Code' --output text)
    echo "Peering: $peering (Status: $status)"
done

# 3. Analyze CloudFront data transfer
echo ""
echo "--- CloudFront Distributions ---"
for dist in $(aws cloudfront list-distributions \
    --query 'DistributionList.Items[].Id' --output text); do
    aws cloudfront get-distribution --id $dist \
      --query 'Distribution.DomainName' --output text
    # Get total bytes transferred
    bytes=$(aws cloudwatch get-metric-statistics \
      --namespace AWS/CloudFront \
      --metric-name BytesDownloaded \
      --dimensions Name=DistributionId,Value=$dist,Name=Region,Value=Global \
      --start-time $(date -d '30 days ago' +%Y-%m-%dT%H:%M:%SZ) \
      --end-time $(date +%Y-%m-%dT%H:%M:%SZ) \
      --period 2592000 \
      --statistics Sum \
      --output json | jq -r '.Datapoints[0].Sum // 0' 2>/dev/null)

    cdn_gb=$(echo "scale=2; $bytes / 1073741824" | bc)
    echo "  Data delivered: ${cdn_gb} GB/month"
done

echo ""
echo "=== Recommendations ==="
echo "1. Check if S3 VPC Gateway endpoints can replace NAT"
echo "2. Verify CloudFront Origin Shield is enabled"
echo "3. Confirm inter-AZ traffic uses private IPs"

FAQ

How do I monitor data transfer costs in real time?

Use AWS Cost Explorer with the “Data Transfer” service filter. Set up AWS Budgets alerts for specific transfer amounts. For per-instance monitoring, enable VPC Flow Logs and analyze with Athena.

Is data transfer between containers in the same pod free?

Yes — containers in the same Kubernetes pod share the same network namespace. Communication between pods on the same node goes through the node’s network and may incur costs depending on the CNI plugin.

What’s the cheapest way to move 100TB to the cloud?

Use AWS Snowball or Azure Data Box — physical devices shipped to you. Upload locally, ship back. Costs $200-300 + shipping vs. $9,000+ for internet upload. For ongoing transfer, use Direct Connect.

Does AWS charge for data going to other AWS services?

No — data transfer between AWS services in the same region is generally free (S3 to EC2, Lambda to DynamoDB, etc.). Data transfer between regions is charged at inter-region rates.

How does CloudFront’s price class work?

Price class 100: US+Europe only (cheapest). Price class 200: US+Europe+Asia/Middle East/Africa. Price class All: all edge locations (expensive but best global latency). Choose the minimum you need.

Do I pay for failed requests?

Yes — data transfer costs apply for all data served, including 404/500 responses. A DDoS attack that triggers many responses can generate significant transfer costs. Use WAF and rate limiting to mitigate.

What’s Next

SaaS Cost Management

Cloud FinOps Practices

Reserved Instances

Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Updated 2026-06-20.

Previous Storage Cost Optimization — S3 Lifecycle, Azure Blob Tiers, GCP Storage Classes, Archival Next SaaS Cost Management — SaaS Sprawl, License Optimization, Usage Tracking, Vendor Consolidation

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro

Home Browse DevOps & Cloud Cost Optimization