Cloud Egress Costs: How to Stop Paying $0.09/GB for Data Transfer
Inter-region, inter-AZ, and internet egress pricing across all clouds, CDN optimization, VPC endpoints, Private Link, and a 10TB/month cost comparison.
The Bill Nobody Expects
Data transfer costs are the tax you pay for putting things in the cloud. Uploading data is free on every provider. Getting it out -- that is where the charges start. And they are not small. A modest SaaS application serving 10 TB of data per month to the internet pays between $870 and $1,200 in egress charges alone on AWS, Azure, or GCP at standard rates. That is before you count inter-region replication, cross-AZ traffic, or NAT Gateway processing fees.
The frustrating part is that most teams do not notice data transfer costs until they dominate the bill. They are buried in line items labeled "Data Transfer Out", "Inter-AZ Transfer", and "NAT Gateway - Bytes Processed." They do not show up in resource-level cost tracking because they are attached to the VPC, not to individual instances. And they scale linearly with traffic, so a successful product launch can triple your data transfer bill overnight.
This guide covers the actual pricing across all major clouds, the architectural patterns that generate the most egress cost, and concrete strategies I have used to reduce data transfer bills by 40 to 70 percent.
Data Transfer Pricing: The Full Picture
Let me lay out the numbers that matter. All prices are per GB and current as of early 2026.
Internet Egress (Data Out to the Internet)
AWS: $0.09/GB for the first 10 TB/month, $0.085/GB for the next 40 TB, $0.07/GB for the next 100 TB. The first 100 GB/month is free per AWS account.
Azure: $0.087/GB for the first 10 TB/month in most regions, with similar tiered discounts. Azure gives the first 100 GB/month free per billing account.
GCP: $0.12/GB for the first 1 TB/month on the Premium tier (global network), $0.085/GB on the Standard tier (regional network). GCP's Premium tier routes traffic over Google's private network to the POP closest to the user; Standard tier exits to the public internet at the POP closest to the region. The Standard tier costs less but adds 10 to 30 ms of latency for geographically distant users.
Oracle Cloud: $0.0085/GB -- yes, roughly one-tenth the price of AWS. OCI includes 10 TB/month of outbound data transfer in its pricing for many services. This is a genuinely compelling reason to consider OCI for egress-heavy workloads.
Cloudflare and the bandwidth alliance
Cloudflare R2, Cloudflare's object storage, charges zero egress fees. If your workload involves serving static assets, media files, or API responses that can be cached, R2 combined with Cloudflare's CDN can eliminate internet egress costs entirely. Backblaze B2 is another zero-egress option when accessed through Cloudflare. Several other providers participate in Cloudflare's Bandwidth Alliance with discounted or zero egress.
Inter-Region Transfer
AWS: $0.01 to $0.02/GB depending on the regions. US East to US West is $0.01/GB. US to Europe is $0.02/GB. US to Asia Pacific is $0.02/GB. This is charged in both directions -- sending 1 TB from us-east-1 to eu-west-1 costs $20, and the destination region also pays $20 for ingress from a different region.
Azure: $0.01 to $0.05/GB depending on region pairs. Intra-continental transfers (US East to US West, Europe North to Europe West) are at the lower end. Inter-continental transfers are more expensive.
GCP: $0.01/GB within the same continent, $0.02 to $0.08/GB across continents. GCP also charges for ingress from other clouds or the internet if it enters through the inter-region network.
Inter-AZ (Cross-Zone) Transfer
This is the one that catches everyone off guard. AWS charges $0.01/GB for data transferred between Availability Zones within the same region -- in both directions. A service in us-east-1a sending 1 TB to a database in us-east-1b costs $10 for the send and $10 for the receive, totaling $20. For high-throughput microservice architectures with services spread across three AZs, cross-AZ traffic can easily exceed $1,000/month.
Azure does not charge for cross-AZ traffic within the same region for most services. This is a meaningful cost advantage for Azure in multi-AZ architectures.
GCP charges $0.01/GB for cross-zone traffic within the same region, similar to AWS.
NAT Gateway Processing
AWS NAT Gateway charges $0.045/GB for data processing on top of the regular data transfer charges. A private subnet sending 10 TB/month through a NAT Gateway pays $450 in processing fees plus the standard egress charges. The NAT Gateway itself also costs $0.045/hour ($32.40/month) per AZ. A three-AZ deployment with 10 TB of NAT traffic costs $450 + $97.20 = $547.20/month -- just for the privilege of letting your private instances reach the internet.
The 10 TB/Month Workload: A Cost Comparison
Let me walk through a real scenario. You have a SaaS application that serves 10 TB per month of internet egress (API responses, static assets, media files). The application runs in a single region with three AZs and generates about 5 TB/month of inter-AZ traffic from service-to-service communication. Another 2 TB/month replicates to a second region for disaster recovery.
Unoptimized Architecture (AWS)
- Internet egress: 10 TB at $0.09/GB = $921.60 (after free tier)
- Inter-AZ traffic: 5 TB at $0.02/GB (both directions) = $102.40
- Inter-region replication: 2 TB at $0.02/GB = $40.96
- NAT Gateway processing: 3 TB through NAT at $0.045/GB = $138.24
- NAT Gateway hourly: 3 AZs at $32.40/month = $97.20
- Total data transfer cost: approximately $1,300/month
Optimized Architecture (Same Workload)
- Internet egress through CloudFront: 10 TB at $0.085/GB (CloudFront rate) = $870.40, but if 60 percent of traffic is cacheable, only 4 TB hits origin, saving $540 on origin egress. Net CDN cost: roughly $870 for CDN delivery, but origin egress drops to $368.64. Net savings depend on cache hit ratio.
- Inter-AZ traffic reduced via zone-aware routing: 5 TB down to 2 TB = $40.96
- VPC endpoints for S3 and DynamoDB: 1 TB removed from NAT = NAT processing drops to $92.16
- NAT Gateway consolidated to one AZ with route table optimization: $32.40
- Total data transfer cost: approximately $650 to $800/month -- a 40 to 50 percent reduction
Strategy 1: CDN Everything Possible
CloudFront, Azure CDN, and Cloud CDN all offer lower egress rates than standard internet egress. More importantly, a well-configured CDN serves cached responses from edge locations without hitting your origin at all, eliminating the egress charge entirely for cached content.
CloudFront offers $0.085/GB in North America (cheaper than the standard $0.09/GB), and data transfer from S3 or other AWS origins to CloudFront is free. This means serving a cached S3 object through CloudFront costs only the CloudFront delivery fee, not the S3 egress fee. For an application serving 10 TB/month from S3, switching from direct S3 access to CloudFront with a 70 percent cache hit ratio reduces origin egress from $921 to about $276, while the CloudFront delivery fee is about $870. The net result is a slight cost increase for cached content, but the latency improvement and DDoS protection make it worthwhile. The real savings come from dynamic API responses that can be cached for even a few seconds.
Azure Front Door and Azure CDN have similar economics. Data transfer from Azure origins to Azure CDN is free. Azure CDN pricing ranges from $0.065 to $0.13/GB depending on the zone and tier.
Cloud CDN on GCP offers cache egress at $0.02 to $0.08/GB depending on the region, significantly cheaper than the standard $0.12/GB Premium tier egress.
Cache more aggressively than you think
Most teams under-cache their API responses. If an endpoint returns data that is valid for 5 seconds, add a Cache-Control: public, max-age=5 header. During a traffic spike with 1,000 requests per second, that 5-second cache means 4,999 out of 5,000 requests are served from the CDN edge. That is a 99.98 percent reduction in origin egress for that endpoint. Even "dynamic" content like product listings, user dashboards, and search results can often tolerate 1 to 10 seconds of staleness.
Strategy 2: VPC Endpoints and Private Link
When your EC2 instances, Lambda functions, or containers in a private subnet access AWS services like S3, DynamoDB, or SQS, that traffic routes through a NAT Gateway by default. The NAT Gateway charges $0.045/GB processing on top of the data transfer -- and for traffic to AWS services within the same region, the data transfer itself would be free if you bypassed the NAT.
Gateway VPC Endpoints (available for S3 and DynamoDB) are free. They route traffic from your VPC directly to the service over AWS's internal network. There is no hourly charge and no per-GB processing fee. If your application accesses S3 or DynamoDB from private subnets, creating gateway endpoints is a zero-risk optimization that immediately eliminates NAT Gateway processing fees for that traffic.
Interface VPC Endpoints (available for most other AWS services) cost $0.01/hour per AZ and $0.01/GB for data processing. Compare this to NAT Gateway at $0.045/hour per AZ and $0.045/GB. Interface endpoints are cheaper per GB but still have a cost. Use them for services with significant traffic volume -- SQS, SNS, KMS, Secrets Manager, CloudWatch Logs.
Azure Private Endpoints cost $0.01/hour (about $7.30/month) with no per-GB charge for data processing. This makes them significantly cheaper than AWS interface endpoints for high-throughput workloads.
GCP Private Google Access is free. Enable it on a subnet, and instances without external IPs can access Google APIs and services over Google's internal network without a NAT Gateway. There is no additional charge.
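A way to check for the gap described above, as an added example (not code from the original article): it flags route tables whose default route points at a NAT Gateway but which have no S3 or DynamoDB gateway endpoint associated. The input dictionaries are constructed data that follow the field names of the EC2 DescribeRouteTables and DescribeVpcEndpoints responses; all IDs are placeholders.

```python
# Constructed data shaped like EC2 DescribeRouteTables / DescribeVpcEndpoints
# responses. Every ID below is a made-up placeholder.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private-a", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-aaa"}]},
    {"RouteTableId": "rtb-private-b", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-bbb"}]},
    {"RouteTableId": "rtb-public", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-ccc"}]},
]
VPC_ENDPOINTS = [
    {"VpcEndpointType": "Gateway", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.s3",
     "RouteTableIds": ["rtb-private-a"]},
    {"VpcEndpointType": "Interface", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.sqs", "RouteTableIds": []},
]
# Services for which the article says free gateway endpoints exist.
GATEWAY_SERVICES = ("s3", "dynamodb")


def missing_gateway_endpoints(route_tables, endpoints):
    """Return {route_table_id: [services still billed through NAT]}."""
    covered = set()
    for ep in endpoints:
        if ep["VpcEndpointType"] == "Gateway" and ep["State"] == "available":
            service = ep["ServiceName"].rsplit(".", 1)[-1]
            covered.update((rtb, service) for rtb in ep["RouteTableIds"])
    findings = {}
    for rt in route_tables:
        # Only tables that send their default route to a NAT Gateway pay
        # the per-GB processing fee for traffic to S3 or DynamoDB.
        uses_nat = any(
            r.get("DestinationCidrBlock") == "0.0.0.0/0" and "NatGatewayId" in r
            for r in rt["Routes"])
        if not uses_nat:
            continue
        gaps = [s for s in GATEWAY_SERVICES
                if (rt["RouteTableId"], s) not in covered]
        if gaps:
            findings[rt["RouteTableId"]] = gaps
    return findings


if __name__ == "__main__":
    for rtb, gaps in missing_gateway_endpoints(ROUTE_TABLES, VPC_ENDPOINTS).items():
        print(f"{rtb}: no gateway endpoint for {', '.join(gaps)}")
```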
Strategy 3: Reduce Cross-AZ Traffic
In microservice architectures on AWS, cross-AZ traffic is a significant and often invisible cost. Every service-to-service call that crosses an AZ boundary costs $0.01/GB in each direction. For high-throughput systems, this adds up fast.
Topology-Aware Routing in Kubernetes
If you run Kubernetes on EKS or GKE, enable topology-aware routing (formerly topology-aware hints). This feature tells kube-proxy to prefer routing traffic to pods in the same AZ as the caller. A service in us-east-1a will route to a backend pod in us-east-1a rather than us-east-1b, eliminating the cross-AZ charge. The tradeoff is that if one AZ has fewer healthy pods, traffic may not be evenly distributed. Kubernetes handles this by falling back to cross-AZ routing when local capacity is insufficient.
Zone-Affinity for Service Meshes
Service meshes like Istio and Linkerd support locality-aware load balancing, which preferentially routes traffic to pods in the same AZ. Istio's locality load balancing is enabled by default and uses a priority-based failover model: same zone first, then same region, then cross-region. Configure outlier detection to ensure unhealthy local endpoints are bypassed quickly.
Database Read Replicas Per AZ
If your application reads heavily from a database in a specific AZ, cross-AZ reads from other AZs generate data transfer charges. Creating a read replica in each AZ and routing reads to the local replica eliminates cross-AZ database traffic. This works well for RDS PostgreSQL/MySQL read replicas and Aurora reader endpoints with the reader endpoint's failover priority set per AZ.
Strategy 4: Compress Everything
Compression reduces the number of bytes transferred, directly reducing egress costs. It is the simplest optimization and often the most overlooked.
Enable gzip or Brotli compression at your load balancer, CDN, or application level. API responses (JSON, XML) typically compress to 10 to 30 percent of their original size. A 10 KB JSON response compressed to 2 KB reduces egress by 80 percent for that request. At scale, this is enormous.
For S3 and object storage, store pre-compressed assets (CSS, JavaScript, JSON data files) and set the Content-Encoding header. CloudFront can also compress objects on the fly for origins that do not support compression natively.
For inter-region replication, consider compressing data before writing it to the source. S3 Cross-Region Replication transfers the exact bytes stored in the source bucket. Storing a 1 GB Parquet file compressed with zstd to 200 MB means replicating 200 MB instead of 1 GB.
Strategy 5: Negotiate Committed Use Discounts
If your data transfer exceeds 10 TB/month consistently, you have leverage to negotiate better rates.
AWS: CloudFront offers custom pricing for commitments above 10 TB/month. Contact your AWS account team to negotiate committed throughput pricing, which can reduce rates to $0.03 to $0.05/GB depending on volume. AWS also offers Data Transfer Out committed use discounts through Enterprise Discount Programs (EDPs).
Azure: Azure CDN from Microsoft offers Standard and Premium tiers with volume discounts. Azure Front Door has reserved capacity pricing for committed throughput.
GCP: GCP offers committed use discounts for network egress through the Network Service Tiers. The Premium tier is more expensive but routes over Google's global network. The Standard tier is cheaper and routes over the public internet. For egress-heavy workloads, switching to Standard tier where latency is acceptable can save 30 to 40 percent.
Strategy 6: Architect for Egress Efficiency
Some architectural patterns generate egress by design. Changing the architecture can eliminate the egress entirely.
Move compute to the data: If your application in us-east-1 processes 5 TB of data stored in eu-west-1, the inter-region transfer costs $100/month. Moving the compute job to eu-west-1 (or replicating the data to us-east-1 once instead of querying it repeatedly) can be much cheaper.
Use regional endpoints: Serve users from the closest region. A global API served entirely from us-east-1 sends all responses over the internet to users in Europe and Asia. Deploying the API in eu-west-1 and ap-southeast-1 and using DNS-based routing puts the response on a shorter, faster, and sometimes cheaper path.
Batch API responses: If a mobile app makes 50 API calls on launch, each returning a small JSON payload, the aggregate egress is modest but the per-request overhead is high. A single batch endpoint that returns all 50 responses in one payload reduces the number of HTTP round trips and can be cached more effectively at the CDN layer.
Use efficient serialization: Protocol Buffers and MessagePack produce payloads 30 to 80 percent smaller than JSON for the same data. If you control both the client and server, switching serialization formats reduces egress proportionally.
Multi-region replication costs add up
A common disaster recovery pattern is to replicate all data to a secondary region. For an S3 bucket with 50 TB of data and 2 TB of daily changes, Cross-Region Replication costs $0.02/GB, or about $1,228/month just for replication transfer. Before enabling cross-region replication on everything, assess which data actually needs real-time replication versus periodic backup. Often, a daily backup to the DR region is sufficient and costs a fraction of continuous replication.
Monitoring Data Transfer Costs
You cannot optimize what you do not measure. Set up cost monitoring specifically for data transfer.
- AWS: Use Cost Explorer with the "Usage Type" dimension filtered to "DataTransfer". Enable VPC Flow Logs to identify the highest-volume traffic flows. The "Data Transfer" category in the AWS bill groups all transfer charges, but you need to drill into "Usage Type Groups" to distinguish internet egress from inter-AZ from inter-region.
- Azure: Use Cost Management with the "Meter Category" filter set to "Bandwidth." Azure Network Watcher's traffic analytics can identify top talkers and cross-region flows.
- GCP: Use the Billing export to BigQuery and filter by SKU descriptions containing "Network Egress" or "Network Inter Region." VPC Flow Logs with BigQuery export enable detailed traffic analysis.
Set up weekly cost alerts for data transfer categories. A sudden increase often indicates a misconfigured replication policy, a chatty service-to-service integration, or a CDN cache miss rate spike. Catching these early saves hundreds or thousands of dollars per month.
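One way to get the per-category view from VPC Flow Logs, as an added example (not code from the original article): it parses default-format (version 2) records, classifies each accepted flow, and prices it at the rates quoted in this guide. The subnet-to-AZ map, the S3 prefix, and the log lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed layout of a hypothetical VPC: private subnet CIDR -> Availability Zone.
SUBNET_AZ = {
    ipaddress.ip_network("10.0.1.0/24"): "us-east-1a",
    ipaddress.ip_network("10.0.2.0/24"): "us-east-1b",
}
# Constructed stand-in for the regional S3 address ranges (documentation prefix).
S3_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
# USD per GB from this guide; NAT processing on internet flows is not included.
USD_PER_GB = {"same_az": 0.0, "cross_az": 0.02, "s3_via_nat": 0.045, "internet": 0.09}
# Constructed records, default format: version account-id interface-id srcaddr
# dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0a1 10.0.1.10 10.0.2.20 44321 5432 6 2200000 3221225472 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 10.0.1.30 44322 6379 6 750000 1073741824 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 10.0.1.10 198.51.100.7 44323 443 6 3600000 5368709120 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 203.0.113.9 44324 443 6 1450000 2147483648 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0b2 10.0.2.20 10.0.1.10 5432 44321 6 720000 1073741824 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1 203.0.113.50 10.0.1.10 51000 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0c3 - - - - - - - 1700000000 1700000060 - NODATA
"""

def az_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((az for net, az in SUBNET_AZ.items() if addr in net), None)

def classify(src, dst):
    src_az, dst_az = az_of(src), az_of(dst)
    if src_az is None:
        return None  # traffic arriving from outside the VPC: ingress is free
    if dst_az is not None:
        return "same_az" if src_az == dst_az else "cross_az"
    if any(ipaddress.ip_address(dst) in p for p in S3_PREFIXES):
        return "s3_via_nat"  # candidate for a free gateway endpoint
    return "internet"

def summarize(log_text):
    # Assumes intra-VPC flows are taken from the sending ENI only; a VPC-wide
    # log records each flow on both interfaces and must be deduplicated first.
    gb = defaultdict(float)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) != 14 or f[12] != "ACCEPT" or f[13] != "OK":
            continue  # skips REJECT, NODATA and SKIPDATA records
        kind = classify(f[3], f[4])
        if kind:
            gb[kind] += int(f[9]) / 1024**3
    return {k: {"gb": round(v, 3), "usd": round(v * USD_PER_GB[k], 3)}
            for k, v in gb.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```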
The Bottom Line
Data transfer costs are a function of architecture, not just traffic volume. Two applications serving identical amounts of data can have wildly different egress bills depending on CDN usage, VPC endpoint configuration, cross-AZ traffic patterns, and compression. The good news is that most optimizations are straightforward and low-risk: add VPC gateway endpoints for S3 and DynamoDB (free, zero downtime), enable compression (application config change), put a CDN in front of cacheable content (a few hours of work), and enable topology-aware routing in Kubernetes (a label change).
Start by understanding your current data transfer costs -- most teams are surprised by how much they are paying. Then apply the optimizations in order of ease and impact: VPC endpoints first, then compression, then CDN, then cross-AZ optimization, then architectural changes. For the 10 TB/month workload in our example, these optimizations reduced the monthly data transfer bill from $1,300 to under $800 -- a $6,000 annual savings with minimal engineering effort.
Written by CloudToolStack Team
Cloud architects with 15+ years of production experience across AWS, Azure, GCP, and OCI. We build free tools and write practical guides to help engineers navigate multi-cloud infrastructure.
Disclaimer: This article is for informational purposes. Cloud services and pricing change frequently; always verify with official provider documentation. AWS, Azure, GCP, and OCI are trademarks of their respective owners.