AWS Networking Costs in 2 Minutes

the most concise and simple explanation out there

💸 So What Does it Cost?

It depends a lot on where the data is going.

Outside AWS

This is called an internet charge. It captures data transfers between AWS and the internet.

The internet can mean:

  • ☁️ other clouds (GCP, Azure)

  • 🤖 on-premise environments

  • 🏠 your home town’s ISP

  • 📱 your phone’s cellular data

  • etc.

Internet Ingress

✨ in few words: data coming from the internet into your AWS EC2 instance.

💸 charged: nothing

Ingress is infamously free across all major cloud providers. They’re incentivized to do that because it locks you in.

Internet Egress

✨ in few words: data going out of your EC2 into the internet.

💸 charged: $0.05/GB-$0.09/GB in EU/USA. Larger charges in other regions.

This can end up expensive. If you’re egressing just 1 MB/s consistently, it’ll cost you $2731 a year.

This is one of the cloud’s most egregious pricing strategies. One may say it is a bit monopolistic.

Cloudflare did a good analysis of the margin they set - https://blog.cloudflare.com/aws-egregious-egress/

Note there’s also Direct Connect, which can end up offering cheaper internet traffic prices for certain on-premise environments.

Within AWS

The lesson? Stay in AWS if you wanna stay solvent.

Within AWS, it’s a tad more affordable.

Before we see the charges there, let’s clear up some terminology.

Terminology

  • AZ (Availability Zone) - a physically isolated location with one or more data centers, inside a region

Availability Zones
AZs are usually within 60 miles / 100 km of each other

  • Region - a geographical territory that hosts multiple AZs

AWS Regions
credit: https://awsgeek.com/AWS-Regions/ (image modified by me)

Cross-Region Costs

The rate is specific to each pair of regions.

✨ in few words: data flowing between two EC2 instances in different regions.

💸 charged: varying rates on egress (instance sending data). Ingress is free.

This can be:

  • as close as Oregon → Northern California

  • as far as Oregon → Cape Town

Prices vary significantly. It isn’t strictly correlated with geographical distance.

For example:

  • 1 TB sent from us-west-2-sea-1 (Seattle):

    • ~700 miles (1140 km) → us-west-1 (N. California) costs $20.48 ($0.02/GB)

    • ~2357 miles (3793 km) → us-east-1 (N. Virginia) costs $0

      • but sending 1 TiB back from us-east-1 costs $20.48 ($0.02/GB)

  • 1 TB sent from us-west-2 (Oregon):

    • ~10,244 miles (16,487 km) → af-south-1 (Cape Town) costs $20.48 ($0.02/GB)

      • but sending 1 TiB back from af-south-1 costs $150 (7.3x more @ $0.147/GB)

a sample of cross-region prices in table form

Same-Region Costs

Within a region, we have different availability zones. The price depends on whether the data crosses those boundaries.

Cross-AZ

Costs a total of $0.02/GB. In all cases. No going around it.

✨ in few words: data flowing between two EC2 instances in different availability zones.

💸 charged: $0.01/GB on ingress (instance receiving data) & $0.01/GB on egress (instance sending data)

If the data transfer is done cross-account then the bill is split between both AWS accounts.

Same-AZ

This can be between two data centers in the same AZ, or within the same datacenter.

✨ in few words: data flowing between two EC2 instances in the same availability zone.

💸 charged: depends on IP type

👉 IPv4: free when using private IPs.

👉 IPv6: free when inside the same VPC, or between peered VPCs.

Everything else is $0.02/GB (public IPv4, cross-VPC IPv6).
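The same-region rules above (cross-AZ and same-AZ) written out as a small rate classifier. This is an added example, not part of the original post or any AWS tool; the `Instance` fields, function names and sample IDs are hypothetical, and it covers same-region EC2-to-EC2 traffic only.

```python
from dataclasses import dataclass
from decimal import Decimal

# Rates in $/GB, taken from the rules stated above.
CROSS_AZ_PER_SIDE = Decimal("0.01")  # billed to the sender AND to the receiver
SAME_AZ_PAID = Decimal("0.02")       # public IPv4, or IPv6 across unpeered VPCs
FREE = Decimal("0")


@dataclass(frozen=True)
class Instance:
    az: str       # availability zone
    vpc: str      # VPC id
    account: str  # AWS account id


def rate_per_gb(src, dst, ip_version, public_ip=False, vpc_peered=False):
    """Total $/GB for EC2-to-EC2 traffic inside one region."""
    if src.az != dst.az:
        return 2 * CROSS_AZ_PER_SIDE          # cross-AZ: always paid, both sides
    if ip_version == 4:
        return SAME_AZ_PAID if public_ip else FREE
    if ip_version == 6:                        # IPv6 has no public/private split
        same_network = src.vpc == dst.vpc or vpc_peered
        return FREE if same_network else SAME_AZ_PAID
    raise ValueError(f"unknown IP version: {ip_version}")


def cross_az_bill(src, dst, gb):
    """Charge per account for `gb` GB sent cross-AZ from src to dst."""
    if src.az == dst.az:
        raise ValueError("instances are in the same AZ")
    bill = {}
    for inst in (src, dst):                    # egress side, then ingress side
        bill[inst.account] = bill.get(inst.account, FREE) + gb * CROSS_AZ_PER_SIDE
    return bill


# Constructed sample instances (AZ names, VPC ids and account ids are made up).
A = Instance("eu-west-1a", "vpc-app", "111111111111")
B = Instance("eu-west-1b", "vpc-app", "111111111111")
C = Instance("eu-west-1a", "vpc-vendor", "222222222222")
D = Instance("eu-west-1b", "vpc-vendor", "222222222222")

if __name__ == "__main__":
    print(rate_per_gb(A, B, 4))                    # cross-AZ, private IPv4
    print(rate_per_gb(A, C, 4, public_ip=True))    # same-AZ, public IPv4
    print(rate_per_gb(A, C, 6, vpc_peered=True))   # same-AZ, peered IPv6
    print(cross_az_bill(A, D, 1024))               # cross-AZ and cross-account
```
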

It gets complicated when we start crossing VPC boundaries.

Private IPs & Cross VPCs

A VPC is a logical network boundary - it doesn’t allow outsiders to connect to it. VPCs can be within the same account, or across different accounts (e.g., when using a hosted Kafka vendor).

Crossing VPCs therefore entails using the public IP of the instance. That is, unless you create some connection between the networks.

This affects your same-AZ charge - but the documentation on this is scarce.

  • AWS only ever confirms that same-AZ traffic through the private IP is free, but never mentions the cost of using public IP.

  • There is a price distinction between IPv4 and IPv6, and it reads unclearly.

I read some really wrong public opinions on this - people think that internet charges were applied when using the public IP. This isn’t true.

It was really hard to find a definitive answer online. In fact, I didn’t find any. There were just a few threads/sources I could find over the last few years, and all had conflicting answers.

I ran tests to confirm. The results 👇

IPv4 Same-AZ

The behavior is consistent with AWS’ well-hidden documentation, which says the traffic between two public IPs residing in AWS never leaves the network. It would make sense they don’t charge you as if it did, then.

IPv6 Same-AZ

Note IPv6 addresses in AWS have no notion of public/private - it’s just one IPv6 address.

A Gift 🎁

The AWS documentation is really hard to parse.

So I packaged this up in a simple web app for you:

Check it out here:

Feel free to bookmark, share with a friend, and refer to it whenever you get curious again.

Having to Google, find and read through AWS’ official page a thousand times, I’m confident this tool is much better.
