Overview of Data Transfer Costs for Common Architectures

Data transfer charges are often overlooked while architecting a solution in AWS. Considering data transfer charges while making architectural decisions can help save costs. This information will help identify potential data transfer charges you may encounter while operating your workload on AWS. Service charges are out of scope for this blog, but should be carefully considered when designing any architecture.

1. Data transfer between AWS and internet

  • There is no charge for inbound data transfer across all services in all Regions
  • **Data transfer from AWS to the internet is charged** per service, with rates specific to the originating Region

2. Data transfer between your workload and other AWS services

  • When your workload accesses AWS services, you may incur data transfer charges

3. Accessing services within the same AWS Region

  • If the internet gateway is used to access the public endpoint of the AWS services in the same Region, there are no data transfer charges
  • If a NAT gateway is used to access the same services, there is a NAT Gateway-hour charge and data processing charge (per gigabyte (GB)) for data that passes through the gateway

4. Accessing services across AWS Regions

  • If your workload accesses services in different Regions, there is a charge for data transfer across Regions. The charge depends on the source and destination Region

5. Workload components in same AWS Region

  • Data transfer within the same Availability Zone is free. One way to achieve high availability for a workload is to deploy in multiple Availability Zones
  • Consider a workload with two application servers running on Amazon EC2 and a database running on Amazon Relational Database Service (Amazon RDS) for MySQL. For high availability, each application server is deployed into a separate Availability Zone. Here, data transfer charges apply for cross-Availability Zone communication between the EC2 instances. Data transfer charges also apply between Amazon EC2 and Amazon RDS

  • To minimize the impact of a database instance failure, enable a multi-Availability Zone configuration within Amazon RDS to deploy a standby instance in a different Availability Zone. Replication between the primary and standby instances does not incur additional data transfer charges. However, data transfer charges will apply to traffic from any consumers outside the Availability Zone of the current primary instance

  • Documentation: Amazon RDS - data transfer cost

6. VPC peering

  • A common pattern is to deploy workloads across multiple VPCs in your AWS network
  • Two approaches to enabling VPC-to-VPC communication are VPC peering connections and AWS Transit Gateway
    • Data transfer over a VPC peering connection that stays **within an Availability Zone** is free
    • Data transfer over a VPC peering connection that crosses Availability Zones will incur a data transfer charge for in/out traffic

7. Transit Gateway

  • Transit Gateway can interconnect hundreds or thousands of VPCs.
    • Cost elements for Transit Gateway include an hourly charge for each attached VPC, AWS Direct Connect, or AWS Site-to-Site VPN
    • Data processing charges apply for each GB sent from a VPC, Direct Connect, or VPN to Transit Gateway

8. Workload components in different AWS Regions

  • If workload components communicate across multiple Regions using VPC peering connections, additional data transfer charges apply. If the VPCs are peered across Regions, standard inter-Region data transfer charges will apply

  • For peered Transit Gateways, you will incur data transfer charges on only one side of the peer. Data transfer charges do not apply for data sent from a peering attachment to a Transit Gateway. The data transfer for this **cross-Region peering connection** is in addition to the data transfer charges for the other attachments

9. Data transfer between AWS and on-premises data centers over AWS Site-to-Site VPN

  • One option to connect workloads to an on-premises network is to use one or more Site-to-Site VPN connections. Charges include an hourly charge for the connection and a charge for data transferred from AWS.

  • Another option to connect multiple VPCs to an on-premises network is to use a Site-to-Site VPN connection to a Transit Gateway.
  • The Site-to-Site VPN will be considered another attachment on the Transit Gateway.

10. Data transfer between AWS and on-premises data centers over AWS Direct Connect

  • Direct Connect can be used to connect workloads in AWS to on-premises networks
  • Direct Connect incurs a fee for each hour the connection port is used and data transfer charges for data flowing out of AWS
  • Data transfer into AWS is $0.00 per GB in all locations
  • The data transfer charges depend on the source Region and the Direct Connect provider location

  • Direct Connect can also connect to the Transit Gateway (via Direct Connect Gateway) if multiple VPCs need to be connected
  • Direct Connect is considered another attachment on the Transit Gateway and standard Transit Gateway pricing applies

  • Documentation: AWS Direct Connect pricing

  • Documentation: AWS Transit Gateway pricing

  • A Direct Connect gateway can be used to share a Direct Connect across multiple Regions. When using a Direct Connect gateway, there will be data transfer out charges based on the source Region and Direct Connect location

11. General tips

  • Data transfer charges apply based on the source, destination, and amount of traffic. Here are some general tips for when you start planning your architecture:

  • Avoid routing traffic over the internet when connecting to AWS services from within AWS by using VPC endpoints:

    • VPC gateway endpoints allow communication to Amazon S3 and Amazon DynamoDB without incurring data transfer charges within the same Region
    • VPC interface endpoints are available for some AWS services. This type of endpoint incurs hourly service charges and data transfer charges
  • Use Direct Connect instead of the internet for sending data to on-premises networks

  • Traffic that crosses an Availability Zone boundary typically incurs a data transfer charge.

  • Traffic that crosses a Regional boundary will typically incur a data transfer charge. Avoid cross-Region data transfer unless your business case requires it

  • Use the AWS Free Tier. Under certain circumstances, you may be able to test your workload free of charge

  • Use the AWS Pricing Calculator to help estimate the data transfer costs for your solution

  • Use a dashboard to better visualize data transfer charges – this workshop will show how.
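
An added example (not part of the original post) that checks for the case described in item 3 and in the VPC endpoint tip: route tables that send traffic through a NAT gateway but have no gateway endpoint for Amazon S3 or Amazon DynamoDB. It reads data shaped like the EC2 DescribeRouteTables and DescribeVpcEndpoints responses; the function names and all sample IDs are constructed for illustration.

```python
# Added example. Input mirrors the shape of EC2 DescribeRouteTables and
# DescribeVpcEndpoints responses; every ID below is constructed sample data.
GATEWAY_SERVICES = ("s3", "dynamodb")  # gateway endpoint services named on this page
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private-a",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaa"}]},
    {"RouteTableId": "rtb-private-b",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-bbb"}]},
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"}]},
]
VPC_ENDPOINTS = [
    {"VpcEndpointType": "Gateway", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.s3", "RouteTableIds": ["rtb-private-a"]},
    {"VpcEndpointType": "Gateway", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.dynamodb",
     "RouteTableIds": ["rtb-private-a", "rtb-private-b"]},
    {"VpcEndpointType": "Gateway", "State": "deleted",  # stale endpoint: must not count
     "ServiceName": "com.amazonaws.us-east-1.s3", "RouteTableIds": ["rtb-private-b"]},
]

def covered_services(endpoints):
    """Map route table ID -> services reachable through a live gateway endpoint."""
    covered = {}
    for ep in endpoints:
        if ep.get("VpcEndpointType") != "Gateway" or ep.get("State", "").lower() != "available":
            continue
        service = ep["ServiceName"].rsplit(".", 1)[-1]  # com.amazonaws.<region>.s3 -> s3
        for rtb_id in ep.get("RouteTableIds", []):
            covered.setdefault(rtb_id, set()).add(service)
    return covered

def nat_without_gateway_endpoint(route_tables, endpoints):
    """Return {route table ID: [services still reached via the NAT gateway]}."""
    covered = covered_services(endpoints)
    findings = {}
    for rtb in route_tables:
        if not any(r.get("NatGatewayId") for r in rtb.get("Routes", [])):
            continue  # no NAT route, so no NAT data processing charge to avoid
        have = covered.get(rtb["RouteTableId"], set())
        missing = [s for s in GATEWAY_SERVICES if s not in have]
        if missing:
            findings[rtb["RouteTableId"]] = missing
    return findings

if __name__ == "__main__":
    for rtb_id, missing in nat_without_gateway_endpoint(ROUTE_TABLES, VPC_ENDPOINTS).items():
        print(f"{rtb_id}: no gateway endpoint for {missing}; that traffic uses the NAT gateway")
```

Interface endpoints are deliberately ignored, since the tips above note that they carry their own hourly and data transfer charges.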