.png)
Data transfer is the third-largest line item on most AWS bills — behind compute and storage. It earns that position not because any individual transfer rate is high, but because modern architectures generate transfer constantly: microservices calling each other across availability zones, databases replicating to standbys, applications pushing logs to S3, users downloading content. None of these appear as a line in your architecture diagram. All of them appear on your bill.
This guide covers every AWS data transfer scenario with verified 2026 rates. Use the table below as a quick reference, then read the sections for context on which charges catch teams by surprise most often.
Complete AWS Data Transfer Rate Table
| Transfer Scenario | Rate | Free? | Notes |
| Ingress from internet to AWS | $0 | FREE | All regions, all services |
| Same AZ (private IP, EC2-to-EC2) | $0 | FREE | Must use private IP addresses |
| S3 to EC2 (same region) | $0 | FREE | Same-region S3-to-EC2 is always free |
| S3 to CloudFront (same account) | $0 | FREE | Deliberate incentive to use CloudFront for delivery |
| EC2 to S3, DynamoDB, SNS, Kinesis (same region) | $0 | FREE | Service-to-service within same region via AWS network |
| PrivateLink inter-AZ (Transit Gateway, Client VPN) | $0 | FREE | Free since April 2022 (AWS official announcement) |
| Internet egress: first 100 GB/month | $0 | FREE | Always-free tier across all services and regions |
| Cross-AZ (private IP, same region) | $0.01/GB each direction | Paid | $0.02/GB round-trip. Applies to EC2, ECS, EKS inter-AZ traffic |
| Internet egress: 100 GB to 10 TB/month | $0.09/GB | Paid | US East. Region-specific rates vary |
| Internet egress: 10 TB to 50 TB/month | $0.085/GB | Paid | Volume discount tier |
| Internet egress: 50 TB to 150 TB/month | $0.07/GB | Paid | Volume discount tier |
| Internet egress: over 150 TB/month | $0.05/GB | Paid | Highest volume tier |
| Cross-region (most US corridors) | $0.02/GB | Paid | us-east-1 to us-west-2: $0.02/GB. Intra-continent rates: $0.01-0.02 |
| Cross-region (US to Asia Pacific, South America) | $0.05-0.09/GB | Paid | Rates vary significantly by destination region |
| NAT Gateway processing | $0.045/GB + $0.045/hr | Paid | $32.85/month base charge plus per-GB. On top of egress fees |
| VPC Endpoint (PrivateLink) data processing | $0.01/GB | Paid | 78% cheaper than NAT Gateway for AWS service traffic |
| Cross-region (RDS read replica replication) | $0.02/GB | Paid | Standard cross-region rate applies to RDS replication traffic |
| Public IPv4 address | $0.005/hr per IP | Paid | $3.65/month per IP. Charged even when idle. Since Feb 2024 |
| Direct Connect outbound (US) | $0.02/GB | Paid | Lower than internet egress. Inbound: free |
All rates: US East (N. Virginia), May 2026. Verify at aws.amazon.com/ec2/pricing/on-demand — rates change by region and scenario.
Green = free. Red = charged. Sources: AWS official pricing (aws.amazon.com/ec2/pricing/on-demand), AWS announcement April 2022 (PrivateLink inter-AZ free), AWS official IPv4 pricing announcement (February 2024). Verify all rates — rates change and vary by region.
See exactly what you’re overpaying AWS in under 60 seconds. Try the Calculator for free →
The Three Charges That Catch Teams Off Guard
1. Cross-AZ Traffic: The Silent Accumulator
The $0.01/GB cross-AZ rate looks trivial until you calculate what a Kubernetes cluster or microservices architecture generates in a month. A busy EKS cluster with 50 services spread across three availability zones generates 5-10 TB of inter-AZ traffic monthly from service-to-service calls, DNS queries hitting CoreDNS pods in the wrong AZ, and load balancer health checks. At $0.02/GB round-trip, that is $100-200/month in pure network fees before a single byte leaves AWS.
Cross-AZ charges appear in Cost Explorer as DataTransfer-Regional-Bytes. They do not show up as a prominent line item by default — they are buried in the EC2-Other category. The fix for Kubernetes workloads: enable topology-aware routing so Kubernetes preferentially routes service traffic to pods in the same AZ as the caller. For databases: Multi-AZ replication between primary and standby crosses AZ boundaries but is free for RDS — the replication traffic is not charged. User-initiated cross-AZ application traffic is charged.
2. NAT Gateway: The Double Charge
NAT Gateway charges $0.045/GB of data processed plus $0.045/hr ($32.85/month) just to exist. What makes it expensive is the double charge: when a container in a private subnet calls an AWS service (S3, DynamoDB, CloudWatch) via NAT Gateway, you pay $0.045/GB for NAT Gateway processing on top of any internet egress charges. A container pulling its own S3 configuration on startup pays NAT Gateway processing fees for what should be free AWS-internal traffic.
The fix: create VPC Endpoints for the AWS services your workloads call most frequently — S3, CloudWatch Logs, ECR, STS, Secrets Manager. Traffic to those services via a VPC Endpoint bypasses NAT Gateway entirely. VPC Endpoint data processing costs $0.01/GB versus NAT Gateway’s $0.045/GB — 78% cheaper. For ECR-heavy container workloads pulling large images, this single change frequently saves $50-150/month per cluster.
IAC note: the standard Terraform module for a production-ready VPC provisions one NAT Gateway per AZ for high availability. Three AZs = three NAT Gateways = $98.55/month ($32.85 x 3) in base charges before any data flows. For development environments that do not need per-AZ NAT resilience, one NAT Gateway serves all three AZs adequately at one-third the base cost. Source: computingforgeeks.com (April 2026).
3. The Public IPv4 Charge: $3.65/Month per Address
Since February 2024, AWS charges $0.005/hr for every public IPv4 address in your account — including idle addresses, Elastic IPs not attached to a running instance, and IP addresses attached to stopped instances. At $3.65/month per IP, a team with 100 public IPs (a common count for a medium-size deployment with load balancers, EC2 instances, and NAT Gateways) pays $365/month just for IP address possession.
Audit your Elastic IPs: aws ec2 describe-addresses –query ‘Addresses[?AssociationId==null].[PublicIp,AllocationId]’. Any Elastic IP not attached to a running resource is generating pure waste at $3.65/month. Release unused Elastic IPs immediately. For private-only workloads communicating via internal load balancers and VPC Endpoints, evaluate whether public IPs are needed at all.
Also read: Compute Savings Plans: Complete Guide (compute discounts, not transfer)
How the Ingress vs Egress Asymmetry Works
AWS does not charge for data coming into AWS from the internet. A user uploading a 10 GB file to S3 incurs $0 in transfer charges regardless of region. A user downloading that same 10 GB file from S3 incurs $0.09/GB = $0.90 in internet egress charges.
This asymmetry is intentional and common across cloud providers. It incentivizes storing data in AWS (ingress is free) while creating a revenue stream on the egress side. The practical implication for architecture: data-heavy read workloads are more expensive than data-heavy write workloads from a transfer perspective.
For content delivery applications: CloudFront is the standard tool for reducing internet egress cost. S3-to-CloudFront transfer within the same account is free. CloudFront then serves requests to users at slightly lower egress rates than direct S3 at scale, while also caching at edge locations to reduce the number of origin fetches. The economic case for CloudFront is strongest for frequently-accessed, widely-distributed content. For infrequently-accessed files or content served to a narrow geographic area, the CloudFront setup overhead and origin request costs may not justify the per-GB savings.
Cross-Region vs Internet Egress: Which Costs More?
For US-to-US transfers: cross-region transfer at $0.02/GB is cheaper than internet egress at $0.09/GB. Moving data from us-east-1 to us-west-2 through AWS’s internal network costs $0.02/GB. Moving that same data out to the internet and back in costs $0.09/GB outbound (plus $0 inbound). For workloads where data needs to move between regions — disaster recovery replication, multi-region read replicas, data pipeline ETL — keeping transfers on the AWS backbone is significantly cheaper than routing through the internet even at the same geographic distance.
For disaster recovery: a 5 TB daily replication from us-east-1 to eu-west-1 costs 5,000 GB x $0.02/GB = $100/day = $3,000/month in cross-region transfer. If the same data were routed through the internet (public endpoints), the cost would be 5,000 GB x $0.09/GB = $450/day = $13,500/month. The AWS backbone is 4.5x cheaper for this scenario. Always use private IP routing (VPC Peering or Transit Gateway with private routing) for cross-region data movement rather than routing through public internet gateways.
Reducing AWS Data Transfer Costs
The highest-ROI actions in order of typical savings impact:
- Enable VPC Endpoints for S3, CloudWatch Logs, ECR, and Secrets Manager. Eliminates NAT Gateway processing fees for these services. Takes 15 minutes and saves $0.034/GB on every call to these services from private subnets.
- Enable topology-aware routing in Kubernetes. Reduces inter-AZ traffic by preferring same-AZ pod routing. In clusters with high service-mesh traffic, this cuts cross-AZ charges by 60-80%.
- Consolidate NAT Gateways in non-production environments. One NAT Gateway per environment (not per AZ) saves $65.70/month on a three-AZ VPC. Multi-AZ NAT resilience matters for production. Dev and staging can tolerate a single NAT.
- Release idle Elastic IPs. Each unattached IP costs $3.65/month. Audit monthly with the CLI command above.
- Use CloudFront for high-volume content delivery. S3-to-CloudFront transfer is free. CloudFront serves at lower egress rates at scale.
- Evaluate Direct Connect for high-egress workloads. At $0.02/GB versus $0.09/GB for internet egress, Direct Connect breaks even on port costs at approximately 2-5 TB/month of consistent egress, depending on port speed and data transfer volume.
Compute Savings Plans do not reduce data transfer costs — they apply to EC2, Fargate, and Lambda compute only. Data transfer optimization requires architectural changes, not commitment discounts. Savings Plans and Reserved Instances are the right lever for compute spend. VPC Endpoints, CloudFront, and topology-aware routing are the right levers for network spend.
Also read: The Complete Guide to Compute Savings Plans (what data transfer is NOT covered by)
Frequently Asked Questions
1. Does AWS charge for data transfer within the same availability zone?
No. Data transfer between EC2 instances, containers, or services within the same availability zone using private IP addresses is free. The free transfer applies to any AWS service using private IP addressing within the same AZ — EC2 to EC2, EC2 to RDS, container to container. If you use public IP addresses for intra-AZ communication, AWS routes the traffic externally and charges internet egress rates. Always use private IP addresses for internal communication.
2. How much does AWS cross-AZ data transfer cost?
$0.01/GB in each direction, making round-trip traffic $0.02/GB. This applies to EC2, ECS, EKS, and other services communicating across availability zones within the same AWS region. For Kubernetes clusters with services spread across AZs, cross-AZ charges accumulate quickly. A cluster generating 10 TB/month of inter-AZ traffic pays $200/month in cross-AZ charges. Verify at aws.amazon.com/ec2/pricing/on-demand — rates change.
3. How much does AWS internet egress cost?
First 100 GB/month: free (always, not just free-tier period). Then $0.09/GB for the next 10 TB. Volume discounts apply at higher tiers: $0.085/GB at 10-50 TB, $0.07/GB at 50-150 TB, $0.05/GB above 150 TB. Rates are for US East (N. Virginia). Other regions vary — Asia Pacific and South America egress rates are higher. Verify at aws.amazon.com/ec2/pricing/on-demand.
4. Is data transfer between AWS services free?
It depends on the service pair and location. S3 to EC2 in the same region: free. EC2 to S3, DynamoDB, SNS, Kinesis in the same region: free. EC2 to EC2 in the same AZ on private IPs: free. EC2 to EC2 in different AZs: $0.01/GB each direction. RDS replication within Multi-AZ: free (AWS covers Multi-AZ replication costs). Cross-region replication: standard cross-region rates apply ($0.02/GB for most US corridors).
5. What is the cheapest way to transfer data out of AWS?
In order from cheapest to most expensive: (1) VPC Endpoints for S3 and AWS services: $0.01/GB processing, no egress charge. (2) Direct Connect: $0.02/GB for US outbound, lower for high-volume with committed capacity. (3) CloudFront: slightly below standard internet rates at scale, free for S3-to-CloudFront origin transfer. (4) Standard internet egress: $0.09/GB for first 10 TB. (5) NAT Gateway plus internet egress: $0.09/GB egress + $0.045/GB NAT processing = $0.135/GB effective rate — the most expensive common path.
6. Does AWS charge for data transfer between accounts?
It depends on the routing path. Same VPC using VPC sharing within the same AZ: free. Cross-AZ via VPC sharing or VPC Peering: $0.01/GB each direction. Cross-region via VPC Peering: standard cross-region rates ($0.02/GB for US corridors). Transfer routed over public internet endpoints: standard internet egress rates ($0.09/GB). Structure multi-account architectures with VPC Peering or Transit Gateway on private IP routing to avoid internet egress charges for cross-account traffic.
7. What is the AWS data transfer free tier?
Two free tiers exist. Always-free: first 100 GB/month of internet egress aggregated across all services and regions (EC2, S3, CloudFront, Lambda, etc.). 12-month introductory free tier: CloudFront provides 1 TB/month of data transfer out and 10 million HTTP/HTTPS requests free for the first 12 months. Data transfer into AWS from the internet is always free in all regions for all services. Verify at aws.amazon.com/free.
