Cloud Data Transfer Pricing: The Hidden Traps

Data transfer charges accumulate silently. The fix is mechanical once you know the traps.

Why transfer is opaque

Cloud bills hide data transfer charges in plain sight. The numbers are knowable; the architecture-to-cost link is what most engineers cannot draw.

• Direction matters. Ingress is usually free; egress costs vary by destination and region; symmetric assumptions lose money.
• Region matters. Cross-region transfer is far more expensive than within-region; the bill spikes when workloads spread.
• Destination matters. To internet vs to peer VPC vs to PrivateLink; same byte, three different prices.
• Predicting cost. Most engineers cannot read an architecture diagram and predict the transfer bill; that is the trap.

Four common traps

• 1. Cross-AZ within region.
• 2. Cross-region.
• 3. Egress to internet.
• 4. NAT gateway data processing.

Avoidance patterns

Each trap has a mechanical fix. None of them require new tools; they require knowing where data is going and choosing a different path.

• Cross-AZ. Topology-aware service mesh keeps traffic in the same AZ when possible; the inverse pattern fails open into the bill.
• Cross-region. Avoid unless required by DR or residency; replicate sparingly and on a schedule, not continuously.
• Egress to internet. CloudFront or CDN raises cache hit ratio so the origin pays once instead of per request.
• NAT processing. VPC endpoints for AWS-service-to-service traffic; bypass NAT entirely for those paths.

Quantifying impact

Concrete numbers turn the theory into a budget conversation. Each trap looks small on paper and adds up to real money at scale.

• Cross-AZ. $0.01 to $0.02 per GB; 1 PB/month equals $10k to $20k.
• NAT processing. $0.045 per GB; 100 GB/day equals $135/month per NAT gateway.
• Internet egress. $0.05 to $0.09 per GB depending on volume tier; this dominates most cloud bills at scale.
• Cumulative. Each trap is small; together they regularly account for 15 to 30% of the cloud bill in unprepared accounts.

Antipatterns

• Service mesh ignoring AZ. Cross-AZ baked in.
• NAT for AWS service traffic. Use endpoints.
• No CDN for static. Origin paid every request.

What to do this week

Three moves. (1) Apply this lever to your highest-spend workload. (2) Measure the dollar impact for one month. (3) Roll the practice out to the next two services if the savings hold.