NAT gateway costs: why they spike and how to estimate them

NAT gateway bills are often surprising because they combine a fixed hourly baseline with traffic-based processing charges. If you put high-throughput or “chatty outbound” workloads behind NAT, costs can scale faster than compute. This page shows a simple model and a workflow to estimate and validate the drivers.

NAT cost inputs

  • Gateway-hours: every NAT gateway bills for each hour it exists; one NAT gateway per AZ is typical.
  • Processed GB: bytes traversing the gateway; outbound API calls and downloads drive this.
  • Endpoints: VPC endpoints keep traffic to AWS services off the NAT path and so reduce NAT GB.

The cost model (what to budget)

  • Gateway-hours: gateways × hours/month (730 for always-on)
  • GB processed: total GB traversing NAT per month
  • Total: gateway-hours × $/hour + GB processed × $/GB (plus any related transfer/egress lines)

Tool: NAT Gateway cost calculator

Why NAT costs spike (the common root causes)

  • Container image pulls: large images pulled by many nodes/tasks, especially during scaling events.
  • OS/package updates: fleets doing repeated downloads through NAT.
  • External APIs/SaaS: high-throughput outbound calls from private workloads.
  • Log shipping: exporting logs to external destinations through NAT.
  • Retry storms: a small outage can multiply outbound traffic and processed GB.

How to estimate GB processed (3 practical methods)

  1. From NAT gateway metrics: sum bytes over a representative window and scale to monthly.
  2. From VPC Flow Logs: filter to NAT gateway ENIs and sum bytes.
  3. From throughput charts: convert average Mbps to GB/month (good for a first pass).
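The three estimation methods and the cost model above, carried through in working code. This is an added example, not code from the original page: the flow-log lines are constructed sample records in the default VPC Flow Logs v2 field order, the ENI ids are made up, and the per-hour and per-GB rates are placeholder assumptions rather than published prices.

```python
"""Estimate NAT GB processed (three methods) and turn it into a monthly cost.

Added example, not code from the original page. The flow-log lines below are
constructed sample records in the default VPC Flow Logs v2 field order; the
rates are placeholder assumptions, not published prices.
"""
from dataclasses import dataclass

HOURS_PER_MONTH = 730
BYTES_PER_GB = 1024 ** 3  # assumption: a billed GB is treated as 2^30 bytes

# Placeholder rates (assumptions): replace with your region's price list.
RATE_PER_GATEWAY_HOUR = 0.045
RATE_PER_GB_PROCESSED = 0.045


@dataclass
class NatEstimate:
    gateway_hours: float   # gateways x hours/month (730 for always-on)
    gb_processed: float    # total GB traversing NAT per month

    def monthly_cost(self, rate_hour=RATE_PER_GATEWAY_HOUR,
                     rate_gb=RATE_PER_GB_PROCESSED) -> float:
        """gateway-hours x $/hour + GB processed x $/GB (related transfer lines excluded)."""
        return self.gateway_hours * rate_hour + self.gb_processed * rate_gb


# Method 1: sum the gateway's byte metrics over a representative window, scale to a month.
def gb_from_metrics_window(bytes_in_window: int, window_hours: float) -> float:
    if window_hours <= 0:
        raise ValueError("window_hours must be positive")
    return bytes_in_window / BYTES_PER_GB * (HOURS_PER_MONTH / window_hours)


# Method 2: VPC Flow Logs filtered to the NAT gateway ENIs.
# Default v2 format: version account-id interface-id srcaddr dstaddr srcport dstport
#                    protocol packets bytes start end action log-status
SAMPLE_FLOW_LOG = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0nat000000000001 10.0.1.23 203.0.113.10 45122 443 6 120 150000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0nat000000000001 203.0.113.10 10.0.1.23 443 45122 6 900 1300000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0app000000000009 10.0.1.23 10.0.2.5 40000 5432 6 10 5000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0nat000000000001 10.0.1.23 198.51.100.7 45123 443 6 5 300 1700000000 1700000060 REJECT OK
"""


def nat_bytes_from_flow_logs(lines, nat_eni_ids) -> int:
    """Sum bytes of ACCEPTed records on the NAT ENIs. Both directions count,
    since processed GB accrues regardless of direction. Header and malformed
    lines are skipped."""
    total = 0
    for line in lines:
        fields = line.split()
        if len(fields) < 14 or fields[0] == "version":
            continue
        eni, nbytes, action = fields[2], fields[9], fields[12]
        if eni in nat_eni_ids and action == "ACCEPT" and nbytes.isdigit():
            total += int(nbytes)
    return total


def gb_from_flow_logs(lines, nat_eni_ids, window_hours: float) -> float:
    """Flow-log bytes for a window, scaled to a month like method 1."""
    return gb_from_metrics_window(nat_bytes_from_flow_logs(lines, nat_eni_ids), window_hours)


# Method 3: average throughput to GB/month, a first-pass number only.
def gb_per_month_from_mbps(avg_mbps: float) -> float:
    bytes_per_second = avg_mbps * 1_000_000 / 8
    return bytes_per_second * HOURS_PER_MONTH * 3600 / BYTES_PER_GB


if __name__ == "__main__":
    window = 24 * 7  # one representative week of flow logs
    gb = gb_from_flow_logs(SAMPLE_FLOW_LOG.splitlines(), {"eni-0nat000000000001"}, window)
    est = NatEstimate(gateway_hours=3 * HOURS_PER_MONTH, gb_processed=gb)
    print(f"flow-log estimate: {gb:.3f} GB/month -> ${est.monthly_cost():.2f}")
    print(f"10 Mbps average ~= {gb_per_month_from_mbps(10):.0f} GB/month")
```

The flow-log method is the one to trust for attribution, because the source address in each record tells you which private subnet or workload generated the bytes; the throughput conversion is only good for a sanity check of the order of magnitude.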

Step-by-step: estimate NAT GB processed

Architecture gotchas (where costs hide)

  • Non-prod always-on: dev/test running 730h/month creates baseline gateway-hours.
  • Accidental NAT path to AWS services: traffic to AWS APIs can still go through NAT when endpoints/private access aren’t used.
  • Cross-AZ routing: centralized egress patterns can introduce cross-AZ transfer in addition to NAT.
  • Multi-AZ HA choices: more NAT gateways improve locality and availability but increase gateway-hours; model the trade-off explicitly.
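One way to model the per-AZ versus centralized-egress trade-off explicitly, as an added example that is not part of the original page. It assumes an even traffic split across AZs and uses placeholder rates for gateway-hours and cross-AZ transfer; the NAT processing charge is the same in both designs and cancels out of the comparison.

```python
"""Per-AZ NAT gateways versus one centralized NAT gateway (added example).

Assumptions: traffic is split evenly across AZs, and all rates are placeholders.
If your provider charges cross-AZ transfer in each direction, fold that into
rate_cross_az before calling these functions.
"""
HOURS_PER_MONTH = 730


def per_az_cost(n_azs: int, gb_per_month: float, rate_hour: float, rate_gb: float) -> float:
    """One gateway per AZ: n sets of gateway-hours, no cross-AZ hop to reach NAT."""
    return n_azs * HOURS_PER_MONTH * rate_hour + gb_per_month * rate_gb


def centralized_cost(n_azs: int, gb_per_month: float, rate_hour: float,
                     rate_gb: float, rate_cross_az: float) -> float:
    """One gateway in one AZ: a single set of gateway-hours, but the traffic
    from the other n-1 AZs crosses an AZ boundary before it reaches NAT."""
    cross_az_gb = gb_per_month * (n_azs - 1) / n_azs
    return (HOURS_PER_MONTH * rate_hour
            + gb_per_month * rate_gb
            + cross_az_gb * rate_cross_az)


def breakeven_gb(n_azs: int, rate_hour: float, rate_cross_az: float) -> float:
    """GB/month above which per-AZ gateways are cheaper than centralized egress.
    Setting per_az_cost == centralized_cost and cancelling the processing term:
        (n-1) * 730 * rate_hour == gb * (n-1)/n * rate_cross_az
        gb == n * 730 * rate_hour / rate_cross_az"""
    if n_azs < 2 or rate_cross_az <= 0:
        return float("inf")  # with one AZ or free cross-AZ transfer, centralized always wins
    return n_azs * HOURS_PER_MONTH * rate_hour / rate_cross_az


def cheaper_design(n_azs: int, gb_per_month: float, rate_hour: float,
                   rate_gb: float, rate_cross_az: float) -> str:
    """Name the cheaper design for a given monthly volume."""
    a = per_az_cost(n_azs, gb_per_month, rate_hour, rate_gb)
    c = centralized_cost(n_azs, gb_per_month, rate_hour, rate_gb, rate_cross_az)
    return "per-az" if a < c else "centralized"


if __name__ == "__main__":
    # Placeholder rates (assumptions), 3 AZs.
    rh, rgb, rx = 0.05, 0.045, 0.02
    print(f"breakeven: {breakeven_gb(3, rh, rx):.0f} GB/month")
    for gb in (1000, 5000, 10000):
        print(gb, "GB/month ->", cheaper_design(3, gb, rh, rgb, rx))
```

The breakeven point depends only on the number of AZs, the hourly rate and the cross-AZ rate, so once you know your monthly NAT volume from the estimation step you can read off which design the numbers favour before changing routing.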

If you’re comparing NAT with endpoints or private connectivity, see the NAT vs VPC endpoints cost guide.

Validation checklist (do this after changes)

  • Confirm gateway-hours dropped as expected; flat gateway-hours usually mean unused gateways were left running.
  • Confirm GB processed dropped and identify which traffic source changed.
  • Check for shifted costs: data transfer/cross-AZ and internet egress can move when routing changes.
  • Re-check incident windows: if retries still spike, the problem will return.
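The checklist above as a repeatable check, written as an added example rather than code from the original page. The before/after snapshots and the daily series are constructed sample numbers, and the field names are this example's own, not any billing export schema.

```python
"""Validate a NAT cost change against the checklist (added example).

Snapshot dicts hold monthly figures under this example's own keys:
gateway_hours, nat_gb, cross_az_gb, egress_gb. All numbers are constructed.
"""
from statistics import median


def validate_nat_change(before: dict, after: dict, threshold: float = 0.10) -> list:
    """Return findings for the four checklist items; an empty list means clean."""
    findings = []
    gb_drop = 1 - after["nat_gb"] / before["nat_gb"] if before["nat_gb"] else 0.0

    # 1. Gateway-hours flat while GB fell: gateways left running after traffic moved.
    if after["gateway_hours"] >= before["gateway_hours"] and gb_drop > threshold:
        findings.append("gateway-hours unchanged while GB processed fell: look for idle gateways")

    # 2. GB processed did not drop: the change missed the real traffic source.
    if gb_drop <= threshold:
        findings.append("GB processed did not drop meaningfully: identify which source still uses NAT")

    # 3. Shifted costs: NAT GB fell but cross-AZ transfer or internet egress rose.
    for key, label in (("cross_az_gb", "cross-AZ transfer"), ("egress_gb", "internet egress")):
        if after[key] > before[key] * (1 + threshold):
            findings.append(f"{label} rose from {before[key]} to {after[key]} GB: cost may have shifted")
    return findings


def spike_days(daily_gb: dict, factor: float = 3.0) -> list:
    """4. Re-check incident windows: days whose processed GB exceeds factor x the
    median are candidates for retry storms or scaling-driven downloads."""
    if not daily_gb:
        return []
    baseline = median(daily_gb.values())
    return [day for day, gb in daily_gb.items() if gb > factor * baseline]


# Constructed sample data.
BEFORE = {"gateway_hours": 2190, "nat_gb": 5000, "cross_az_gb": 200, "egress_gb": 1000}
AFTER = {"gateway_hours": 2190, "nat_gb": 2000, "cross_az_gb": 900, "egress_gb": 1000}
DAILY_GB = {"2026-02-01": 10, "2026-02-02": 12, "2026-02-03": 11,
            "2026-02-04": 80, "2026-02-05": 9}

if __name__ == "__main__":
    for f in validate_nat_change(BEFORE, AFTER):
        print("finding:", f)
    print("spike days:", spike_days(DAILY_GB))
```

In the sample, NAT GB fell by 60% but gateway-hours stayed at three always-on gateways and cross-AZ transfer more than quadrupled, which is exactly the shifted-cost pattern the checklist warns about; the daily check then isolates the one day that looks like a retry or scaling event.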

FAQ

What are the two NAT Gateway cost components?
A fixed hourly cost (gateway-hours) plus a traffic-based cost for GB processed through the NAT gateway.
What counts as “GB processed”?
Traffic that traverses the NAT gateway (for example, workloads in private subnets reaching public endpoints or services through the NAT path).
Why do NAT bills spike during incidents?
Retries and timeouts multiply outbound calls. Autoscaling can also trigger large downloads (images and updates), increasing processed GB quickly.

Last updated: 2026-02-07