TL;DR: Cloud data transfer costs can account for 10-30% of your cloud bill, yet most teams don't understand the pricing until they get shocked by a massive invoice. I break down exactly where these costs hide, compare AWS, GCP, and Azure pricing, and show you how to potentially save 60-80% on egress fees.
The $2,657 Overnight Surprise
A developer shared a 13.7 GB file that went viral. His AWS bill jumped from $23 to $2,657 overnight. Every download by every user worldwide was charged at $0.09/GB. No warning, no cap, just a bill.
This story is more common than you think. And it is why I spent the last month researching cloud data transfer pricing across AWS, GCP, and Azure.
What I found was eye opening.
The Basics: Why Cloud Providers Love Egress
Here is the fundamental asymmetry of cloud pricing:
- Data IN (ingress): FREE across all major providers
- Data OUT (egress): $0.05 to $0.23 per GB
This is not accidental. Cloud providers want your data to flow in freely. Getting it out? That will cost you. It is often called the "Hotel California" model of cloud computing.
Current Pricing Comparison (2025)
I verified these numbers across official documentation and third party sources:
Egress to Internet (US Regions)
| Tier | AWS | GCP Premium | Azure |
|---|---|---|---|
| Free tier | 100 GB/month | 1 GiB | 100 GB/month |
| First 10 TB | $0.09/GB | $0.12/GiB | $0.087/GB |
| 10-50 TB | $0.085/GB | $0.11/GiB | $0.083/GB |
| 50-150 TB | $0.07/GB | $0.08/GiB | $0.07/GB |
| 150+ TB | $0.05/GB | $0.08/GiB | $0.05/GB |
Quick math: 10 TB of monthly egress costs:
- AWS: $900
- GCP Premium: $1,100
- Azure: $870
- Cloudflare R2: $0 (yes, zero)
The Hidden Costs Nobody Talks About
Standard egress is just the tip of the iceberg. Here is where the real money disappears.
1. NAT Gateway: The Silent Budget Killer
If you run workloads in private subnets (which you should for security), traffic to the internet goes through a NAT Gateway. The cost?
- Hourly charge: $0.045/hour ($32.85/month per gateway)
- Data processing: $0.045/GB
Let me break down a real scenario. You have 100 GB going to S3 through a NAT Gateway:
| Component | Cost |
|---|---|
| NAT processing | 100 GB x $0.045 = $4.50 |
| Internet egress | 100 GB x $0.09 = $9.00 |
| Total | $13.50 |
But here is the thing: S3 traffic through a VPC Gateway Endpoint is FREE.
One developer at Geocodio documented a "$1,000 AWS mistake" where traffic to AWS services in the same region was routed through NAT Gateway. All of that was avoidable.
2. Cross-AZ Traffic: Death by a Thousand Cuts
Every time data crosses between Availability Zones, you pay $0.01/GB in each direction. That is $0.02/GB round trip.
Seems small? Consider this:
- Your app server is in AZ-1
- Your database (Multi-AZ RDS) is in AZ-2
- Every query response crosses zones
A database doing 10 TB of response traffic monthly costs an extra $200 just in cross-AZ fees. Multiply that across all your services.
3. Load Balancer Data Processing
Your Application Load Balancer processes all that traffic. When requests come in on one AZ and targets live in another, you pay twice.
GCP Load Balancing charges:
- Inbound data processed: $0.008/GiB
- Outbound data processed: $0.008/GiB
- Plus forwarding rules: $0.025/hour (first 5), $0.01/hour each additional
4. Public IPv4 Addresses (AWS, 2024)
New as of February 2024, AWS charges $0.005/hour for all public IPv4 addresses. That is $3.60/month per IP, in-use or idle.
10 public IPs sitting there? That is $36/month before you transfer any data.
Where This Gets Expensive: Multi-Cloud and Hybrid
Moving data between clouds or to on-premises is where costs really add up.
Option 1: Over the Internet (Expensive)
AWS to GCP via public internet:
- AWS egress: $0.09/GB
- GCP ingress: FREE
- Total: $0.09/GB
For 50 TB monthly: $4,500
Option 2: Dedicated Interconnect (Better Economics)
| Service | Port Fee (10 Gbps) | Data Transfer |
|---|---|---|
| AWS Direct Connect | $2.25/hour (~$1,643/mo) | $0.02/GB |
| Azure ExpressRoute | $3,400/month | $0.025/GB |
| GCP Cross-Cloud Interconnect | $5.60/hour (~$4,032/mo) | Same as inter-region |
For high volume transfers, dedicated connections pay for themselves quickly. At 50 TB monthly, Direct Connect saves ~$3,500 compared to internet egress.
Companies That Solved This
Dropbox: $75 Million Saved
Dropbox was one of S3's largest customers. In 2015-2016, they built their own storage infrastructure called "Magic Pocket" and migrated off AWS.
The result: $74.6 million in savings over two years. First year alone saved $39.5 million.
At their scale, owning infrastructure beats renting.
Basecamp/37signals: $10 Million Over Five Years
In 2023, Basecamp left AWS and Google Cloud. Their results:
- Total projected savings: $10+ million over five years
- Already saving: $1 million/year
- S3 exit alone: $5,000/day ($150K/month)
DHH (their founder) wrote extensively about this. They bought ~$600K in hardware and added no new staff. The payback period was less than a year.
Netflix: Built Their Own CDN
Netflix does not stream videos out of AWS. The egress costs would be astronomical. Instead, they built Open Connect, their own CDN with appliances placed directly in ISP networks.
Quote from an industry analyst: "The underlying economics of data transfer does not reflect how the cloud providers price for it. We are still paying 1990s prices for bandwidth when we are in the cloud."
How to Reduce Your Egress Costs
Based on my research, here are the highest impact optimizations:
1. VPC Gateway Endpoints for S3/DynamoDB (100% Savings)
These are free and route traffic directly to S3/DynamoDB without touching NAT Gateway or the internet.
# Terraform example
resource "aws_vpc_endpoint" "s3" {
vpc_id = aws_vpc.main.id
service_name = "com.amazonaws.${var.region}.s3"
vpc_endpoint_type = "Gateway"
route_table_ids = [aws_route_table.private.id]
}
2. CloudFront for Content Delivery (60-80% Reduction)
CloudFront to S3 origin is free. You only pay CloudFront egress, which is cheaper than S3 direct:
| Method | Cost per 10K requests |
|---|---|
| S3 direct | $0.05 |
| CloudFront | $0.0075 |
Plus caching means you serve from edge instead of origin.
3. Compression Before Transfer (50-80% Reduction)
Compress everything:
- Gzip for general purpose
- Brotli for text content (better ratio than Gzip)
- Delta encoding for incremental updates
4. Same-AZ Deployment (Eliminate Cross-AZ)
If high availability is not critical for a workload, keep everything in one AZ. Same-AZ traffic is free.
5. Consider Cloudflare R2 for Storage Heavy Workloads
R2 has zero egress fees. For a workload with 10 TB storage and 50 TB monthly egress:
| Provider | Monthly Cost |
|---|---|
| AWS S3 | $230 (storage) + $4,500 (egress) = $4,730 |
| Cloudflare R2 | $150 (storage only) |
That is a 97% reduction.
Monitoring and Alerting
You cannot optimize what you do not measure. Set up:
- AWS Cost Explorer with daily data transfer breakdown
- CloudWatch alarms on NAT Gateway bytes processed
- Budget alerts specifically for data transfer line items
- VPC Flow Logs to understand traffic patterns (but watch the logging costs)
# Check your data transfer costs (AWS CLI)
aws ce get-cost-and-usage \
--time-period Start=2024-01-01,End=2024-01-31 \
--granularity MONTHLY \
--metrics "UnblendedCost" \
--filter '{"Dimensions":{"Key":"USAGE_TYPE_GROUP","Values":["EC2: Data Transfer - Internet (Out)","EC2: Data Transfer - Region to Region (Out)"]}}'
The Regulatory Push
The European Data Act (effective September 2025) is forcing cloud providers toward transparent pricing and easier data portability. All three major providers now offer egress fee waivers for complete cloud departures:
- AWS: Waiver upon account team approval
- GCP: Waiver for full migration off platform
- Azure: 100GB credits for 60 days
The catch? These only apply to complete departures, not ongoing multi-cloud operations.
Key Takeaways
Ingress is free, egress is not. Plan your architecture with data gravity in mind.
NAT Gateway is the biggest hidden cost. Use VPC Gateway Endpoints for S3/DynamoDB.
Cross-AZ traffic adds up. $0.01/GB each way on every hop.
At scale, consider alternatives. Dropbox saved $75M, Basecamp saves $1M/year.
CDN and compression are low-hanging fruit. 60-80% reduction for content delivery.
Cloudflare R2 has zero egress. Seriously consider it for storage-heavy workloads.
Monitor proactively. One viral file can turn a $23 bill into $2,657 overnight.
Resources
- AWS Data Transfer Pricing
- GCP Network Pricing
- Azure Bandwidth Pricing
- Basecamp Cloud Exit
- Cloudflare R2 Pricing
What is the worst data transfer bill you have received? I would love to hear your horror stories and optimization wins in the comments.
Top comments (0)