NAT Gateway Cost Management

NAT gateway egress fees can dominate a bill. The patterns that contain the cost without sacrificing security.

Audit

Per NAT gateway: bytes processed. Sort by cost.

Outsized NATs are often servicing chatty workloads that should not need internet.

Avoidance patterns

VPC endpoints for AWS services. S3 and DynamoDB endpoints are free; ECR endpoints are cheap.

Internal services should not use NAT.

Scale wisely

Multi-NAT for HA. One per AZ is standard.

Don't over-provision; gateways scale per-AZ automatically up to 100Gbps.