AWS cross-AZ data transfer cost: causes and estimate steps

Cross-AZ data transfer costs appear when bytes move between Availability Zones inside a region. The cost is easy to model once you know GB/month crossing zones, but the hard part is identifying what causes the cross-AZ traffic in your architecture.

Quick cross-AZ estimate

  • Total GB/month: service traffic at the boundary.
  • Cross-AZ share: percent of traffic crossing zones.
  • Cost: GB/month x cross-AZ rate.

Common causes of cross-AZ transfer

  • Load balancers: traffic enters one AZ and is forwarded to targets in another (cross-zone patterns).
  • Databases: multi-AZ replication and client connections crossing AZ boundaries.
  • Kubernetes: pods in AZ A calling services/endpoints in AZ B (uneven scheduling or service topology).
  • NAT gateways: workloads in one AZ using a NAT gateway in another can create cross-AZ bytes.
  • Shared services: centralized logging, proxies, or caches in a single AZ serving multi-AZ workloads.

How to estimate cross-AZ GB/month

  1. Start from traffic volume: total GB delivered/processed for the service boundary (API, LB, service mesh).
  2. Estimate cross-AZ fraction: what percent of traffic crosses zones (0% if perfectly zone-local, often 5-20% in practice).
  3. Cross-AZ GB/month ~= total GB/month x cross-AZ fraction.

Where to get the inputs (practical)

  • VPC Flow Logs: measure bytes between subnets/ENIs tagged by AZ.
  • Load balancer metrics: identify uneven target distribution and cross-zone behavior windows.
  • Kubernetes topology: compare client pod AZ vs endpoint AZ distributions.

If you cannot measure yet, use a conservative range (for example 10-30%) and validate later with flow logs.

How to reduce cross-AZ cost safely

  • Keep traffic zone-local: ensure targets/endpoints are evenly spread across AZs and clients prefer same-AZ targets.
  • Avoid centralized single-AZ dependencies: caches, proxies, and NAT should be deployed per AZ where possible.
  • Validate LB and client behavior: confirm routing policies actually keep traffic local under load and during scale events.
  • Watch failure modes: some cross-AZ traffic is the "safety cost" during partial AZ failures; optimize without reducing resilience.

Validation checklist

  • Measure cross-AZ GB/day from flow logs for at least 7 days.
  • Confirm cross-AZ fraction during deploys and scale events (often worse than steady state).
  • After changes, validate both cost reduction and resilience behavior during AZ degradation.

Sources


Related guides


Related calculators


FAQ

Why do teams get surprised by cross-AZ charges?
Because cross-AZ traffic is often accidental: uneven load balancing, cross-zone connections, and services talking across zones by default.
What is the key input for estimating cross-AZ cost?
GB/month that crosses Availability Zones. Once you have that, you apply the per-GB rate for your region and the relevant traffic boundary.

Last updated: 2026-02-07