AWS Data Transfer Charges: Cross-AZ, Cross-Region, NAT
Data transfer is the line item nobody understands until it's $40k a month. Here's a clear map of where AWS actually charges you and what to do about it.
By Andrii Votiakov
Data transfer charges are the most confusing part of any AWS bill. There are at least six different rates depending on direction, source, and destination, and the documentation is spread across a dozen service pages. After enough audits, you learn to spot the patterns.
Quick answer
AWS charges for traffic in three main ways: inter-AZ (around $0.01/GB each direction), inter-region (around $0.02/GB), and internet egress (about $0.09/GB for the first tier, dropping with volume). Inbound from internet is free. Same-AZ traffic between resources is free. NAT Gateway and CloudFront add their own per-GB fees on top.
The chargeable directions
Mental model that helps:
- Same AZ, same VPC, same service tier: free (with caveats)
- Cross-AZ, same VPC: $0.01/GB out + $0.01/GB in = $0.02/GB total
- Cross-region: $0.02/GB
- Out to internet: $0.09/GB tier 1, decreasing past 10 TB
- NAT Gateway processing: $0.045/GB on top of any of the above
- VPC peering, intra-region: $0.01/GB each side
- CloudFront origin pull: free from S3 and EC2 in the same region
The five most common bill bombs
1. Chatty microservices across AZs
Service A in AZ-a calls Service B in AZ-b 1,000 times a second, 2 KB per request. That's about 4 TB/month each direction = ~$80/month per service pair. Multiply by dozens of pairs and it adds up fast.
Fix: AZ affinity. Pin services that talk a lot to the same AZ via topology-aware routing in Kubernetes (Services that route on the topology.kubernetes.io/zone label), or co-locate ECS tasks in one AZ for non-critical paths.
2. RDS Multi-AZ in dev and staging
Multi-AZ RDS replicates synchronously across AZs. The replication itself is free, but every read and every connection from the wrong AZ incurs cross-AZ charges. On a busy dev DB this can be hundreds a month for no real benefit.
Fix: Single-AZ for non-prod. Enable Multi-AZ only for production.
3. EKS pods pulling images cross-AZ
Default EKS scheduling doesn't care which AZ pulls images from which ECR endpoint. With dozens of nodes pulling 500 MB images, cross-AZ data transfer through NAT Gateway processing can be the most expensive part of an EKS cluster's bill.
Fix: ECR pull-through cache plus Interface Endpoints in every AZ. Set imagePullPolicy to IfNotPresent (not Always).
4. S3 reads from the wrong region
A pipeline running in us-east-1 reading 5 TB/month from a bucket in eu-west-1. That's ~$100 in cross-region data transfer monthly, plus latency.
Fix: Same-region buckets. If you genuinely need cross-region access, S3 Replication is usually cheaper than repeated cross-region reads.
5. Internet egress from VPC instead of CloudFront
Serving static assets, API responses or images directly out of EC2 or an ALB to internet at $0.09/GB. CloudFront sits at $0.085/GB in similar tiers but drops to $0.02/GB at higher volume — and origin-to-CloudFront within AWS is free.
Fix: Put a CloudFront distribution in front. Bonus: better latency, free TLS, simpler caching.
How to actually see where it's going
Cost Explorer hides data transfer inside service totals. Use these filters to expose it:
- Cost Explorer → group by Usage Type
- Filter to usage types containing DataTransfer
- Group by Linked Account, then by Service
You'll see lines like DataTransfer-Regional-Bytes, DataTransfer-Out-Bytes, EU-EU-AWS-In-Bytes. Each tells you a different story.
For the network-level detail, VPC Flow Logs to Athena gives you per-ENI breakdowns. Schedule a weekly query of the top 50 source/destination pairs and you'll find leaks faster than any tool. The same pattern applies when right-sizing EC2 instances — both need 14 days of real traffic data to surface the real picture.
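An offline version of that top-talkers query, as an added example that is not from the original article: it ranks cross-AZ source/destination pairs from default-format (version 2) flow log records in Python rather than Athena. The subnet-to-AZ map, the sample records, and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed subnet-to-AZ map (assumption): replace with your VPC's subnets.
SUBNET_AZ = {
    ipaddress.ip_network("10.0.1.0/24"): "us-east-1a",
    ipaddress.ip_network("10.0.2.0/24"): "us-east-1b",
}
CROSS_AZ_USD_PER_GB = 0.02  # the article's figure: $0.01 out + $0.01 in

# Constructed sample records in the default (version 2) flow log format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 44321 8080 6 900 3000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 10.0.1.30 44400 5432 6 500 9000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 10.0.1.10 8080 44321 6 800 1000000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 10.0.2.21 44500 443 6 10 500000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 44321 8080 6 5 4000 1700000060 1700000120 REJECT OK
2 123456789012 eni-0c3 - - - - - - - 1700000000 1700000060 - NODATA
"""

def az_of(addr):
    """Return the AZ of a private IP, or None if it is outside the mapped subnets."""
    ip = ipaddress.ip_address(addr)
    return next((az for net, az in SUBNET_AZ.items() if ip in net), None)

def cross_az_pairs(lines, top=50):
    """Sum accepted bytes per (src, dst) pair whose endpoints sit in different AZs."""
    totals = Counter()
    for line in lines:
        f = line.split()
        if len(f) < 14 or f[13] != "OK" or f[12] != "ACCEPT":
            continue  # skip NODATA/SKIPDATA records and rejected flows
        src, dst, nbytes = f[3], f[4], int(f[9])
        a, b = az_of(src), az_of(dst)
        if a and b and a != b:
            totals[(src, dst)] += nbytes
    return totals.most_common(top)

def estimated_cost(pairs):
    """Cross-AZ cost in USD for the ranked pairs, using decimal GB."""
    return sum(n for _, n in pairs) / 1e9 * CROSS_AZ_USD_PER_GB

if __name__ == "__main__":
    ranked = cross_az_pairs(SAMPLE.splitlines())
    for (src, dst), n in ranked:
        print(f"{src} -> {dst}  {n / 1e9:.2f} GB")
    print(f"estimated cross-AZ charge: ${estimated_cost(ranked):.2f}")
```

When flow logs cover both ENIs of a pair, the same flow is recorded once per interface, so de-duplicate by interface-id before trusting absolute totals.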
Realistic savings
On a typical $30k/month AWS bill:
- Multi-AZ RDS in non-prod = $200-800/mo
- Cross-AZ chatter from a few microservices = $1-5k/mo
- ECR pulls cross-AZ + via NAT = $500-3k/mo
- Internet egress that should be CloudFront = $1-10k/mo for any media-heavy product
Add these up and you're routinely looking at 10-25% of the bill in transfer alone.
If your AWS bill has a mysterious "data transfer" line eating into your margin and you want it diagnosed, book a call.