AWS network cost guide: NAT, VPC endpoints, PrivateLink, and data transfer (what to model)
AWS networking cost modeling is simpler than it looks if you treat it as a set of consistent line items. This hub gives you a practical workflow (with formulas) and links to the calculators and deep guides.
The 3 buckets (the mental model)
- NAT Gateway: hourly gateway fees + GB processed.
- VPC endpoints / PrivateLink: endpoint-hours (per AZ) + (sometimes) GB processed.
- Transfer boundaries: cross-AZ, cross-region, and internet egress (depends on architecture).
Core formulas (planning-safe)
- NAT hourly = NAT gateways x hours/month x $/gateway-hour
- NAT traffic = NAT GB processed/month x $/GB processed
- Interface endpoint-hours = endpoints x AZs x hours/month
- Interface endpoint hourly = endpoint-hours x $/endpoint-hour
- Interface endpoint traffic = endpoint GB processed/month x $/GB processed
Break-even workflow (NAT vs endpoints)
- Estimate NAT GB processed today (baseline).
- Identify the share of NAT traffic that is actually to AWS services that can move to endpoints (S3, ECR, STS, etc).
- Model 30% / 60% / 90% traffic moved to endpoints, and compare total monthly cost.
- Validate you didn't accidentally increase cross-AZ/cross-region transfer (common hidden pitfall).
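The core formulas and the break-even workflow above, as an added Python example (not part of the original guide or its calculators). The rates, the 730 hours/month constant, the function names and the sample inputs are assumptions to replace with your own; cross-AZ and cross-region transfer are not modeled and still need the separate check in the last step.

```python
from dataclasses import dataclass

HOURS_PER_MONTH = 730  # assumed planning constant

@dataclass(frozen=True)
class Rates:
    """Placeholder prices (assumptions); substitute your region's current rates."""
    nat_gateway_hour: float = 0.045
    nat_gb: float = 0.045
    endpoint_hour: float = 0.01
    endpoint_gb: float = 0.01

def nat_cost(gateways, gb, r):
    # NAT hourly + NAT traffic
    return gateways * HOURS_PER_MONTH * r.nat_gateway_hour + gb * r.nat_gb

def endpoint_cost(endpoints, azs, gb, r):
    # Interface endpoint-hours = endpoints x AZs x hours/month
    endpoint_hours = endpoints * azs * HOURS_PER_MONTH
    return endpoint_hours * r.endpoint_hour + gb * r.endpoint_gb

def scenario_cost(nat_gb, moved_share, eligible_share, gateways, endpoints, azs, r):
    """Monthly total when moved_share of NAT GB shifts to endpoints.
    The share is capped at eligible_share: only AWS-service traffic can move."""
    moved_gb = nat_gb * min(moved_share, eligible_share)
    return (nat_cost(gateways, nat_gb - moved_gb, r)
            + endpoint_cost(endpoints, azs, moved_gb, r))

def break_even_gb(endpoints, azs, r):
    """GB/month that must move before endpoints beat leaving it on NAT.
    Returns None when the endpoint per-GB rate is not below the NAT rate."""
    saving_per_gb = r.nat_gb - r.endpoint_gb
    if saving_per_gb <= 0:
        return None
    return endpoints * azs * HOURS_PER_MONTH * r.endpoint_hour / saving_per_gb

def compare(nat_gb, eligible_share, gateways, endpoints, r=Rates()):
    """Rows of (azs, moved_share, total, delta_vs_baseline) for 2-AZ and 3-AZ."""
    baseline = nat_cost(gateways, nat_gb, r)
    return [(azs, s, round(t, 2), round(t - baseline, 2))
            for azs in (2, 3) for s in (0.3, 0.6, 0.9)
            for t in [scenario_cost(nat_gb, s, eligible_share, gateways, endpoints, azs, r)]]

if __name__ == "__main__":
    # Constructed inputs: 10,000 GB/month through NAT, 70% of it endpoint-eligible.
    for row in compare(nat_gb=10_000, eligible_share=0.7, gateways=3, endpoints=4):
        print(row)
    print("break-even GB (3 AZ):", round(break_even_gb(4, 3, Rates()), 1))
```

A negative delta means the endpoint scenario is cheaper than the NAT-only baseline; at low volumes the endpoint-hours dominate and the delta turns positive.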
Decision table (which lever to pull)
| Symptom | Likely driver | High-leverage fix |
|---|---|---|
| NAT bill dominated by GB processed | Image pulls, updates, large outbound downloads | Move AWS-service traffic to endpoints; cache/package mirrors |
| Endpoint bill higher than expected | 3-AZ deployment + many endpoints | Consolidate endpoints; validate which services need endpoints |
| Cross-AZ transfer surprises | Multi-AZ clients hitting single-AZ backends or LB patterns | Keep traffic AZ-local where possible; validate routing/targets |
Troubleshooting checklist (what to verify)
- Top talkers behind NAT (which destinations drive GB processed)
- AZ locality (client and backend in same AZ?)
- Retries/timeouts during incidents (traffic multiplier)
- Log/monitoring traffic you forgot (steady background costs)
Deep guides (recommended reading order)
- NAT gateway cost
- Estimate NAT GB processed
- VPC endpoints pricing
- Estimate endpoint-hours and GB
- PrivateLink pricing
- VPC endpoints cost optimization
- PrivateLink cost optimization
- VPC data transfer
- Cross-AZ transfer cost
Validation checklist
- Validate the primary driver with measured usage from a representative window.
- Confirm units and pricing units (per 10k vs per 1M, GB vs GiB) before trusting the estimate.
- Re-check incident windows: retries/timeouts often multiply cost drivers.
Related reading
Related guides
NAT Gateway vs VPC endpoints cost: when PrivateLink wins
Compare NAT Gateway vs VPC endpoints (Interface/Gateway endpoints) cost: model gateway-hours + GB processed versus endpoint-hours + per-GB, estimate how much NAT traffic endpoints remove, and avoid transfer surprises.
VPC endpoints pricing: what to model (interface vs gateway endpoints)
A practical VPC endpoints pricing checklist: interface endpoint hours, per-GB processing, gateway endpoint differences, and the transfer pitfalls that cause surprises.
API Gateway pricing: what to model (requests + transfer)
A practical API Gateway pricing checklist: request charges, data transfer, and the add-ons that can show up on the bill.
API Gateway vs ALB vs CloudFront cost: what to compare (requests, transfer, add-ons)
A practical cost comparison of API Gateway, Application Load Balancer (ALB), and CloudFront. Compare request pricing, data transfer, caching impact, WAF, logs, and the hidden line items that change the answer.
AWS cost checklist: model the drivers that actually move the bill
A practical AWS cost checklist for planning and reviews: define scope, identify top cost drivers (requests, GB, GB-month, hours), and avoid the common blind spots (data transfer, logs, and cross-AZ).
AWS VPC data transfer cost: estimate cross-AZ, cross-region, and egress
A practical guide to AWS VPC data transfer costs: where transfer happens in real architectures, how to estimate GB/month, and how to avoid surprises.
Related calculators
Data Egress Cost Calculator
Estimate monthly egress spend from GB transferred and $/GB pricing.
API Response Size Transfer Calculator
Estimate monthly transfer from request volume and average response size.
VPC Data Transfer Cost Calculator
Estimate data transfer spend from GB/month and $/GB assumptions.
Cross-region Transfer Cost Calculator
Estimate monthly cross-region transfer cost from GB transferred and $/GB pricing.
RPS to Monthly Requests Calculator
Estimate monthly request volume from RPS, hours/day, and utilization.
API Request Cost Calculator
Estimate request-based charges from monthly requests and $ per million.
FAQ
What's the fastest way to model AWS network costs?
Break it into three buckets: (1) NAT hourly + GB processed, (2) VPC endpoints/PrivateLink endpoint-hours + GB processed, and (3) data transfer boundaries (cross-AZ/cross-region/internet). Build a baseline and a high-usage scenario.
Why do network bills spike unexpectedly?
Because network charges scale with traffic. Common causes are NAT GB processed from image pulls/updates, cross-AZ traffic from load balancers or multi-AZ clients, and log/monitoring traffic you didn't account for.
Do VPC endpoints always reduce NAT costs?
Only for compatible traffic (AWS services that support endpoints). Endpoints add their own hourly and (sometimes) per-GB charges, so you need a break-even model based on your traffic mix.
What should I do if I don't have perfect data yet?
Use scenarios: estimate NAT GB processed and model 30% / 60% / 90% of that traffic moving to endpoints. Also model 2-AZ vs 3-AZ deployments for endpoints, because AZ count is a major multiplier.
Last updated: 2026-01-22