Understanding Networking Costs in AWS: Data Transfer Costs by Usage Type
In this series of blog posts, we’re doing a deep dive into AWS networking costs. In the previous post, we covered bandwidth costs related to Operation. In this post, I’ll cover Usage type, and how these charges appear on your AWS bill. And, I’ll provide tips on how the nOps cloud management platform can help you detect data transfer costs that can be reduced by taking necessary actions.
I’ve shared in previous blog posts that there are many line items in the billing file. It’s often difficult to determine which resources are contributing to your data transfer cost. Filtering by Usage type and Operation can help you identify the source of these costs.
For example, AWS says that data transferred “in” to and “out” from Amazon Elastic Compute Cloud (Amazon EC2), Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon DynamoDB Accelerator (DAX), Amazon ElastiCache instances, elastic network interfaces across Availability Zones (AZs), and Amazon Virtual Private Cloud (Amazon VPC) peering connections in the same AWS Region, are billed at $0.01/GB in each direction.
But how do you know which Amazon RDS instance is generating how much in bandwidth cost? Filtering resources by DataProcessing-Bytes and correlating it to resources can help to answer that question (more on this later).
Before we dive in, I do want to mention an important point — if a line item in AWS Cost and Usage Report (AWS CUR) or AWS Cost Explorer doesn’t have a Region name for Usage type, that usually means the cost is for Region us-east-1.
Let’s get started on charges by Usage type.
DataProcessing-Bytes or REGIONNAME1-DataProcessing-Bytes
Bandwidth cost related to Amazon CloudWatch Logs and Classic Load Balancer is based on data processing bytes processed. In Virginia, the cost of an Amazon CloudWatch Log is $0.50 per GB, and for Classic Load Balancer the cost is $0.008 per GB of data processed.
- nOps tip: Here’s how you can quickly find the Amazon CloudWatch Groups and Classic Load Balancers that are generating the most cost on your AWS accounts. In nOps, see if there are Amazon CloudWatch Log groups that don’t have any bandwidth cost. In that case, determine whether those logs are still needed. If not, you can save costs by moving those logs to cheaper storage like Amazon S3 Glacier.
DataTransfer-Out-Bytes or REGIONNAME1-DataTransfer-Out-Bytes
The costs of most AWS services to the internet show up as DataTransfer-Out-Bytes: Amazon EC2, Amazon Simple Storage Service (Amazon S3), Amazon S3 Glacier, Amazon RDS, Amazon Redshift, Amazon Simple Email Service (Amazon SES), Amazon SimpleDB, Amazon Simple Queue System (Amazon SQS), Amazon Simple Notification Service (Amazon SNS), Amazon DynamoDB, AWS Storage Gateway, and Amazon CloudWatch.
- nOps tip: Often, you’ll see a high DataTransfer-Out-Bytes charge on your bill without clearly understanding which services are contributing to this cost. In nOps, you can look at this Usage type and see the related services. Once you know the related services, you can make better architectural decisions. For instance, if you see a high Amazon S3 cost, you can explore whether it’s due to the cost of Amazon CloudFront serving that content.
DataTransfer-Regional-Bytes or REGIONNAME1-DataTransfer-Regional-Bytes
If you are replicating data across AZs, you can get billed for DataTransfer-Regional-Bytes. Amazon ElastiCache instances, elastic network interfaces across AZs, and Amazon VPC peering connections in the same AWS Region are charged at $0.01/GB in each direction.
Be aware of applications connecting to the databases in a different AZ, for instance you can have a Redis cluster running in us-west-2b and all your apps are situated in us-west-2a. That would cause a lot of intra-AZ traffic.
Traffic costs that are related to AWS services (s3, dynamodb, etc) can be eliminated using VPC endpoints.
Another example: you can have regional bytes when NAT gateway is only available in a different AZ. So on top of NAT bytes costs you would also be charged for intra-az transfer. AWS best practice is to have NAT in each AZ.
To understand traffic directions you can use VPC traffic logs, but those can get expensive as well so it’s better to turn them off once finished.
To understand which resources are producing intra-az traffic you can use nOps and filter for Usagetype of interest. Overall you can break down every usage type by resource.
In my previous post on AWS data transfer costs by Operation, I shared that for each data transfer you see Interzone-In and Interzone-Out charges. DataTransfer-Regional-Bytes sums up both Interzone-In and Interzone-Out charges.
- nOps tip: When you select a range (such as the last three months) and review DataTransfer-Regional-Bytes, in nOps you can find the source of the Interzone traffic so that you can make the right architecture decisions. For example, if you’re doing batch processing and your application is not directly servicing your customers, consider running that workload in one AZ.
NatGateway-Bytes or REGIONNAME1-NatGateway-Bytes
You can see the NatGateway charges by Operation. By Usage type, you can filter these charges to see how much of it is related to traffic. Data processing charges apply for each gigabyte processed through the NAT gateway regardless of the traffic’s source or destination. There are no data processing or hourly charges for using gateway-type Amazon VPC endpoints.
- nOps tip: Use nOps to find the NAT gateway resources that are generating most of your NatGateway charges.
NatGateway-Hours or REGIONNAME1-NatGateway-Hours
If you choose to create a NAT gateway in your Amazon VPC, you are charged for each “NAT gateway hour” that your NAT gateway is provisioned and available.
The amount of data transferred into AWS Region1 from AWS Region2 should not be confused with data transferred in from the internet. An example is Amazon VPC peering between two Regions, where data is transferred from Amazon EC2 in one Amazon VPC to Amazon EC2 in another Amazon VPC.
This charge is pretty self-explanatory — the amount of data transferred from AWS Region1 to AWS Region2.
To reduce your AWS networking costs, you need to be able to detect the resources generating unnecessary data transfer charges so that you can make the right architecture decisions to avoid those charges in the future. The nOps cloud management tool can help detect those charges.
I’ve covered the most common Usage types related to bandwidth cost and actions you can take to reduce those costs. Key takeaways include:
- Review resources that are generating the most DataTransfer-Regional-Bytes charges. Data transfer in the same AZ is free, so if your workload doesn’t need cross-AZ for high availability, consider running it in one AZ.
- Make sure you have a NAT gateway in each AZ. You pay for Interzone traffic if you go through a NAT gateway in one AZ and you have resources running in another AZ.
- Consider using an Amazon VPC gateway if your application uploads data to Amazon S3. Even though doing so is free, if that traffic flows through a NAT gateway, you are charged for the bandwidth cost of the NAT gateway regardless of the destination.
Want to start gaining sharper visibility of AWS cost anomalies and see how much you can save? Click here to get started with a free trial of nOps (or click here to sign in to nOps if you’re already a user) and take advantage of its cost-control capabilities.