AWS: Cost optimization — services expenses overview and traffic costs in AWS
Let’s proceed with our journey on AWS Cost Optimization topics. Previous parts — AWS: Cost Explorer — costs checking on the CloudWatch Logs example and AWS: cost optimization — purchasing RDS Reserved Instances.
One of the shortcomings of the cloud-based architecture is the fact, that it can cost much more than when using own bare-metal servers. With this, cloud providers can have a confusing billing scheme, where you’ll pay for resources used, traffic, and so on.
So, in this post, we will try to understand — for what are paying when using Amazon Web Services, and in the following parts will check useful AWS services to control and optimize AWS environments with Cost Explorer, Trusted Advisor, Compute Optimizer, AWS Budget, etc.
- Costs categories on AWS
- AWS Services payment table
- AWS Data Transfer Costs
- AWS Data Transfers over the Internet
- Inbound traffic from the Internet into AWS
- Outbound traffic from the AWS Cloud to the Internet
- Data Transfer Costs inside of the AWS Cloud
- Inter-Region data transfers
- Data transfers between AWS Regions and Direct Connect locations
- Data transfers between CloudFront Edge locations and AWS Regions
- AWS Data transfer inside on an AWS Region
- AWS traffic billing map
- AWS traffic advice
- Useful links
Costs categories on AWS
All costs can be splitter into three main groups — Compute, Storage, and Data Transfer:
- Compute : charges for the rent of used CPU and RAM capacity, a price depends on a used instance type
- Storage: charges for the data stored
- Data transfer : in most cases inbound traffic or traffic between services in the same AWS Region is free, but with exclusions. Actually, the traffic costs on AWS will be described in detail in the AWS Data Transfer Costs part of this post UPDATE
And I’d add another category for Data processing : this will include charges for HTTP(S) requests and data processing by an AWS service.
Knowing these categories, it will be easy to understand for what do you pay on AWS.
Let’s take a closer look with service examples:
- Compute:
- instance usage time (EC2, RDS, Redshift)
- serverless computes (Lambda)
- CPU credits usage for T-family instances (the “T2/T3/Т4 Unlimited mode”) (EC2, RDS, Redshift)
- payment type — On Demand, Spot, Reserved, etc (EC2, RDS)
- deployment type — one or multi-availability zones (RDS)
- instance type and its CPU and RAM capacity
- Storage:
- Elastic Block Store (EBS):
- a number of read/write operations
- data storage used
- data transfer
- snapshots store (by the S3 price)
- disk type — SSD, HDD
- Simple Store Service (S3):
- storage type (Standard, Infrequently-Accessed, Glacier)
- number of objects stored
- Data transfer:
- data sent (NAT Gateway, LoadBalancer, EC2/EBS, S3)
- Data processing:
- a volume of received and/or processed data (Kinesis, CloudWatch Logs)
- a number of processed HTTP(S) requests(CloudFront, API Gateway)
Also, we are charged additional costs for the:
- API requests to the AWS API (CloudWatch metrics collect, CloudTrail events)
- AWS Marketplace licenses
- and additional charges specific for an AWS Service like a number of rules in AWS WAF WebACL, that affects WAF charges, RDS Insights, extended CloudWatch monitoring for EC2, and so on
AWS Services payment table
Let’s collect main AWS services to a table to see for what we are paying for when using a Service:
AWS Data Transfer Costs
And let’s discuss the most interesting topic: for what are we paying when sending traffic on AWS?.
As a general rule, traffic on AWS can be divided into two parts — between Amazon Web Services and the Internet, and inside of the AWS network. Also, traffic price can be different depending on its direction — into the same or another Availability Zone, AWS VPC, or an AWS Region.
So, just keep in mind that:
- all outbound traffic will be charged for all services that have an Elastic Network Interface (EC2, ALB)
- all cross-availability zone traffic
- all cross-region traffic
AWS Data Transfers over the Internet
Inbound traffic from the Internet into AWS
Almost all incoming traffic from the Internet to the AWS Cloud is free of charge.
And vise versa — almost all outbound traffic will cost us some money.
Outbound traffic from the AWS Cloud to the Internet
Outgoing traffic from an AWS account to the Internet will be billed by an AWS Region price as they are varied. See the Amazon EC2 On-Demand Pricing > Data Transfer — Data Transfer IN To Amazon EC2 From Internet and Data Transfer OUT From Amazon EC2 To Internet.
Also, when AWS will charge you for the outgoing traffic, it will summarize outbound traffic from the following services in your account:
- Amazon RDS
- Amazon Redshift
- Amazon SES
- Amazon SimpleDB
- Amazon EBS
- Amazon S3
- Amazon Glacier
- Amazon SQS
- AWS Storage Gateway
- Amazon SNS
- Amazon DynamoDB
- Amazon CloudWatch Logs
Data Transfer Costs inside of the AWS Cloud
Inter-Region data transfers
Data transfer between AWS Regions will be charged by the price of the source region. In the same table on the Amazon EC2 On-Demand Pricing > Data Transfer page in the Data Transfer OUT From Amazon EC2 To you can see a price for each region.
For example, we have an S3 bucket in the us-east-2, Ohio, and it has S3 replication configured to a bucket in the us-west-1, N. California, see the AWS: S3 Cross-Region Replication with DeleteMarkers set up for more details. In that case, we will be charged by the price of the us-east-2, Ohio.
Data transfers between AWS Regions and Direct Connect locations
Although the main rule is that incoming traffic is free, for the Direct Connet there is an exclusion, as its incoming traffic will be charged, and depends on the source and target region’s prices. See Data transfer out (DTO) pricing for AWS Direct Connect.
For example, data transfer from Ohio to a Direct Connection in N. California will cost $0.0200 per GB, and from Ohio to Ireland, eu-west-1 — $0.0282 per GB sent.
Data transfers between CloudFront Edge locations and AWS Regions
Edge locations for CloudFront are AWS data centers to store information obtained from origins.
Here, we are paying for the:
- data transfer from Edge locations to the Internet
- data transfer from Edge locations to origins
- a number of HTTP(S) requests processed
And again — the price will depend on the source and target region, see more at Amazon CloudFront Pricing.
AWS Data transfer inside on an AWS Region
When AWS services communicate in the bound of the same AWS Region, some traffic can be charged as well.
- data transfer between Amazon EC2, AWS containers, Amazon RDS, Amazon Redshift, Amazon DynamoDB Accelerator (DAX), Amazon ElastiCache instances, or Elastic Network Interfaces between different Availability Zones, whether it was sent over a public or private IP, or using Elastic IPv4, will cost $0.01 per GB in both directions
For example, we are sending 500 GB from a Redshift cluster in a VPC-1 to an EC2 instance in the same VPC, but neighboring Availability Zone — in that case, we will be charged $5 for the outgoing traffic from the VPC-1, and another $5 for the incoming traffic to the VPC-2.
- data transfer between EC2 instance, containers, or Elastic Network Interfaces in the same Availability Zone VPC using a Public IP or Elastic IP will cost $0.01 per GB in each direction
If you have two EC2, each with its own Elastic IP attached — then we will be charged for the data transfer.
- data transfer between EC2 instances, containers, or Elastic Network Interfaces in the same Availability Zone and the same VPC using private IP is free of charge
Here is simple enough: use only Private IPs inside of a VPC, do not pass the AZ-borders — and you’ll pay nothing.
- data transfer between AWS services that can not be bounded by an Availability Zone or VPC (such as AWS S3, DynamoDB, SES, Kinesis, etc) and EC2 instances or other services in the same AWS Region is free of charge
Also, some cross-AZ traffic is free for services that use multi-AZ deployments, such as Amazon Aurora, Amazon Neptune, and Amazon RDS.
Also, traffic between Classic or Application Load Balancer and EC2 in the same AWS Region is free.
AWS traffic billing map
During a lot of googling while writing this post, I didn’t get something similar to a map with an illustrative demonstration on the AWS traffic charges. The only thing I’ve found is the Overview of Data Transfer Costs for Common Architectures on AWS Blogs.
So, on the scheme below I’ve tried to demonstrate which traffic will be billed on AWS:
Let’s check it step-by-step starting from an “entry point” — the Load Balancer in the Region-1 and AZ-1.
Region-1, Availability Zone-1:
- LoadBalencer incoming traffic is charged (because LCU includes bytes processed)
- then, the traffic if going from the ALB to an EC2 — and it’s free
- EC2 sends responses via a NAT Gateway, during this data transfer between this EC2 and NAT GW is free, but NAT GW’s outgoing traffic will be billed
- EC2 sends data to a CloudFront Edge Location in the same AWS Region, and this is free, but sending data from CloudFront to visitors is billed
- data traffic from CloudFront Edge Locations to EC2 will be billed
- data transfer between EC2 and an S3 in the same region is free
- EC2 via a VPC peering connection talks to an RDS Master instance in the same AZ — and this is also free
- EC2 via a VPC peering connection talks to an RDS Slave in another AZ — this will be billed (cross-AZ)
- replication traffic between RDS Master and its RDS Slave in the same AWS Region is free
Region-1, Availability Zone-2:
- data traffic from the EC2 in the AZ-2 to the EC2 in the AZ-1 is charged as it is cross-AZ traffic
- traffic between EC2 and RDS Slave in the AZ-2 is free
- but traffic from the EC2 and RDS Master will be billed, as again it’s cross-AZ
Region-2, Availability Zone-3:
- outgoing traffic from the EC2 in this Region to the EC2 in the Region-1 will be billed, as this is the cross-region transfer
- outgoing traffic from the EC2 in this Region to the S3 bucket in the Region-1 will be billed, as this is the cross-region transfer
AWS traffic advice
- try to keep all your workloads in the same AWS Region, and if will need to use another — choose a one with the lowest price
- try to keep all your workload in the same Availability Zone and VPC, and to use private IPs for connections
- avoid using NAT Gateways as it’s billed by the outgoing traffic. Where it’s possible — use Internet Gateways instead
- use CloudFront if you need to send data to users — it will be faster and cheaper in bills than if sending traffic directly from an EC2 instance
Useful links
- How AWS Pricing Works
- How AWS Pricing WorksOptimize and Save your IT costs
- How are charges for Amazon EBS volumes calculated on my bill?
- Overview of Data Transfer Costs for Common Architectures
- The Ultimate Guide to AWS T3 Instances Pricing
- Your Comprehensive Guide to Understanding AWS Data Transfer Costs
- AWS Data Transfer Pricing: 7 Ways To Reduce Unexpected Costs
- AWS Application Load Balancer cost estimation
- The Guide to AWS Data Transfer Pricing and Saving
- Keep costs under control when using t3 instances
Originally published at RTFM: Linux, DevOps, and system administration.
Top comments (0)