Data Trasnfer Cost also knows as DTO is arguably one of the most mysterious and hard to understand component of each aws workload however it is often a big contributor of the monthly AWS invoice.

From my own experience its also one of the aspects of architecting solutions in AWS that is very often ignored with little retrospect on it later on. I think the reason is because its blind spot for way too many engineers and architect working every day with AWS.

The good news is if you understand it, you can often make some very minor tweak in our networking setup that can result in considerable cost difference at the end of the month without any compromise to latency, security, or availability.

In this blog post, I aim to explore the Data Transfer Out (DTO) costs from various angles. Covering all aspects in a single post would be challenging and lengthy, so I’ve decided to break it down into a series of posts. In this installment, I’ll focus specifically on the DTO costs incurred when AWS workloads communicate with the internet, both for inbound and outbound traffic.

Any request coming from internet (aka Inbound traffic) to your aws resource be it a resource on your VPC like an EC2 machine or a PUT request on your S3 bucke or DynamoDB has ZERO DTO cost.

For any request going out of aws (aka Outbound traffic) to internet has DTO cost associated with it. you will be charged different rate depending on how it get out of AWS. The outbound traffic part is where it gets tricky and complicated to calculate and I hope I can simplify it by a bit.

The highlight from above diagrams are:

• If workload is running on public subnet that can directly send traffic to internet over IGW then the Data transfer cost is 0.05 $ per GB .
• If workload is running on private subnet which has to send traffic over a NAT Gateway and then to IGW before reaching internet then there is a price of 0.048 $ per GB for NATGateway data processing + the 0.05 $ per GB for IGW . (keep in mind the hourly charge of running NAT gateway isn’t calculated)

The one common mistake I have observed where people commit unknowingly is the workload that is running in private subnet is in a different AZ than the public subnet to which NAT gateway is proxying the packets. in this case there will be an additional charge of cross-AZ data transfer of roughly $0.02 per GB.

Here is a simplify cost breakdown:

Workload is running on a public subnet with IGW without any NAT involved:

• Total Cost outbound cost is: $0.05 per GB.

NAT gateway is in a different AZ than the workload:

• Total Cost would be = $0.02 (Cross-AZ Transfer) + $0.045 (NAT Gateway processing) + $0.05 (Data Transfer Out) = $0.115 per GB.

NAT gateway and the workload are in the same AZ:

• Total Cost = $0.045 (NAT Gateway) + $0.05 (Data Transfer Out) = $0.095 per GB.

Read Part 2, where we cover DTO costs from other aspects.