Data transfer charges between regions in AWS are costly, and it’s likely that you are already paying too much. Consider that egress data refers to data traveling out of a network, whereas ingress data refers to data traveling into a network. AWS data transfer pricing does not charge for ingress data, but does charge for egress data — and these data transfer charges can result in hefty data transfer fees.
Some big name companies have already felt this pain. According to The Information, Apple paid AWS data transfer charges of $50M (6.5% of their AWS bill) in 2017. These charges dropped to a mere $4M in 2018 when Apple scaled back their usage of AWS services. Likewise, Pinterest’s data transfer charges were $14.7M in 2017, and increased by 78% to $26.4M in 2018. The cloud model allows these companies to innovate and expand as their businesses call for it, but if left unsupervised they will quickly incur overwhelming costs.
Thankfully there are ways around overspending on such resources, ensuring that you’re still able to take advantage of the flexibility of the cloud model and remain cost effective. AWS architecture allows you to significantly reduce data transfer charges if you utilize their best practices, ensuring that AWS data transfer pricing doesn’t become an issue. Below are AWS-recommended strategies to manually implement these best practices.
8 Strategies to Optimally Design your AWS Architecture to Minimize Data Transfer Charges
AWS Data Transfer Fees
AWS data transfer pricing does not charge for any inbound data transfers. Data transfer charges (metered per gigabyte) apply to any outbound transfer to the public internet, to another AWS region, or to another AWS availability zone, with a few exceptions (S3 and DynamoDB outbound transfers are free within the entire AWS region).
Each month, the first 100 GB of data transferred out of all AWS regions (except China and GovCloud) is free. In addition, each month, the first 1 TB of data transferred out of CloudFront is free of charge.
Strategy #1: Set Up Cost-Allocation Tags on All Resources to Track the Use of Actual Transfers
The first step to reduce data transfer charges is to identify the resources incurring them, since bringing visibility to cost components tends to reduce them. In AWS, this is done using Cost Allocation Tags. This method simply means adding labels to your resources, which allows you to see a larger view of your spending over time.
Strategy #2: Choose Your AWS Regions Wisely
The optimal choice of AWS regions to use depends on the following factors:
| Factor | Details |
|---|---|
| Choose the one region that has latencies within the tolerance limits for the vast majority of your users. (If possible, choose the region with the least latency.) | For static data, you should use CloudFront, which offers 1 TB of data transferred out for free each month and has edge locations around the world.<br>For dynamic data, the latency of the data depends on the internet infrastructure; your ISP may have a direct link to another continent. For example, the latency of access from Switzerland to us-east-1 is substantially lower than to eu-west-1. |
| Use as few AWS regions as possible. | The more AWS regions you use, the more likely it is that you will need to transfer data between the regions.<br>In addition, you can hold more infrastructure in one region, enjoying volume discounts on data transfers among S3 buckets.<br>For a global organization, we recommend using us-east-1 and eu-west-1 as your primary region(s). |
| Use key AWS regions and enjoy the latest AWS services. | New AWS services are rolled out gradually, with certain key AWS regions receiving services first. These regions also receive security updates first.<br>Key AWS regions are:<br>Smaller AWS regions may receive features late, if ever.<br>See which services are available by region here and here. |
| Choose the AWS region which meets your compliance requirements. | If the data you process is bound by data residency laws, you have no choice but to choose the compliant region. |
| Choose the AWS regions with the lowest AWS pricing. | Generally, US-based AWS regions are the most inexpensive. Singapore and India are among the most expensive regions. |
Strategy #3: Ensure All Data Transfers Are Kept Within a Single Region
Certain AWS services, such as S3, are global — even if you keep all AWS infrastructure in one region. Ensure that the S3 bucket is also stored in the target region.
Strategy #4: Keep Network Traffic Within the VPC’s Availability Zones
All traffic within the same Availability Zone of a VPC that uses private IP addresses is free. Planning ahead and utilizing this cost saving method whenever possible is a best practice.
Strategy #5: Enable VPC Endpoints for All Services That Support Them
Unless you set up a VPC Endpoint for S3, all the outgoing S3 traffic goes via the public internet and is billable. With a VPC Endpoint for S3, all data transferred from an S3 bucket to an AWS service within the same region as the S3 bucket is complimentary.
Note that this is far better than AWS RDS transfer pricing: for AWS RDS, data transferred between RDS and EC2 within the same Availability Zone is free, but data transferred to an EC2 instance in another Availability Zone is billable.
Strategy #6: Reduce the Number of Public IPv4 Addresses and Elastic IP Addresses
Data transferred in and out of any public or Elastic IPv4 address is charged at $0.01/GB in each direction, while data transferred between EC2, RDS, Redshift, ElastiCache, or Elastic Network Interfaces within the same Availability Zone is free. Planning ahead and utilizing this cost saving method whenever possible is a best practice.
Strategy #7: Replace NAT Gateways with Egress-Only IPv6 Internet Gateways
NAT Gateways allow resources in private subnets to connect to the Internet, other VPCs, or on-premises networks. These devices ensure that no unsolicited connections arrive from outside the VPC.
In addition to the standard EC2 fees, these devices are charged a per-GB processing fee for both incoming and outgoing traffic.
However, an Egress-Only IPv6 Internet Gateway incurs no charges. We recommend replacing the NAT Gateways with Egress-Only IPv6 Internet Gateways, provided all resources requiring egress Internet access support IPv6.
This article explains how to set up the Egress-Only IPv6 Internet Gateway.
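Strategies #5 and #7 can be checked together from route-table data. The following is an added example, not code from the original article: it flags route tables whose IPv4 default route points at a NAT gateway but that have no S3 gateway endpoint associated, or no IPv6 egress-only default route. The input mirrors the JSON returned by `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`; all IDs, the finding labels and the sample data are constructed placeholders.

```python
# Added example: audit route tables for traffic that would cross a NAT gateway.
ROUTE_TABLES = [  # constructed sample, placeholder IDs
    {"RouteTableId": "rtb-EXAMPLE-a", "VpcId": "vpc-EXAMPLE", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
    {"RouteTableId": "rtb-EXAMPLE-b", "VpcId": "vpc-EXAMPLE", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
        {"DestinationIpv6CidrBlock": "::/0",
         "EgressOnlyInternetGatewayId": "eigw-EXAMPLE"}]},
    {"RouteTableId": "rtb-EXAMPLE-public", "VpcId": "vpc-EXAMPLE", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
]
VPC_ENDPOINTS = [  # constructed sample
    {"VpcEndpointId": "vpce-EXAMPLE", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.s3", "State": "available",
     "RouteTableIds": ["rtb-EXAMPLE-b"]},
]

def s3_gateway_route_tables(vpc_endpoints):
    """Route table IDs associated with an available S3 gateway endpoint."""
    covered = set()
    for ep in vpc_endpoints:
        if (ep.get("VpcEndpointType") == "Gateway"
                and ep.get("ServiceName", "").endswith(".s3")
                and ep.get("State", "").lower() == "available"):
            covered.update(ep.get("RouteTableIds", []))
    return covered

def has_default_route(routes, cidr_key, cidr, target_key):
    """True if a default route for `cidr` points at the given target type."""
    return any(r.get(cidr_key) == cidr and r.get(target_key) for r in routes)

def audit(route_tables, vpc_endpoints):
    """Return (route_table_id, finding) pairs for NAT-routed tables."""
    covered = s3_gateway_route_tables(vpc_endpoints)
    findings = []
    for rt in route_tables:
        routes, rt_id = rt.get("Routes", []), rt["RouteTableId"]
        if not has_default_route(routes, "DestinationCidrBlock",
                                 "0.0.0.0/0", "NatGatewayId"):
            continue  # no NAT default route: nothing to flag here
        if rt_id not in covered:
            findings.append((rt_id, "S3_VIA_NAT"))
        if not has_default_route(routes, "DestinationIpv6CidrBlock",
                                 "::/0", "EgressOnlyInternetGatewayId"):
            findings.append((rt_id, "NO_IPV6_EGRESS_ONLY_ROUTE"))
    return findings

if __name__ == "__main__":
    for finding in audit(ROUTE_TABLES, VPC_ENDPOINTS):
        print(finding)
```

An endpoint that is not yet in the `available` state is treated as absent, so a half-provisioned endpoint does not hide a finding.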
Strategy #8: Use AWS CloudFront as Much as Possible
AWS CloudFront is a content delivery network (CDN) which provides the first 1 TB of data transfer out of Amazon CloudFront free of charge each month. In addition, the data transfers from AWS CloudFront to the internet are 20-40% cheaper than the standard data transfer rates. Thus, it’s cost effective to use it whenever possible.