Hidden Cloud Egress Costs Nobody Warns You About

Every byte processed by a NAT Gateway incurs a $0.045/GB charge on top of the standard egress rate. A private subnet with 10TB/month of outbound traffic pays $450/month in NAT processing alone, plus $32/month for the gateway itself, plus the standard $0.09/GB egress. That is $0.135/GB effective rate versus the $0.09/GB you planned for. NAT Gateway costs are the single most common source of cloud bill shock.

Every request between services in different Availability Zones costs $0.01/GB in each direction ($0.02/GB round trip). This is invisible because AWS best practices mandate multi-AZ deployment for high availability. A microservice architecture with 10 services making cross-AZ calls generates enormous volumes of cross-AZ traffic. Kubernetes clusters spanning AZs are particularly affected.

API Gateway charges standard data transfer rates on all response data in addition to the per-request fee ($1.00-$3.50 per million requests). Large JSON responses, file downloads through the API, and WebSocket message payloads all incur these charges. Teams that calculate API Gateway costs based solely on request pricing often underestimate by 30-50% for data-heavy APIs.

Application Load Balancers on AWS charge $0.008 per GB of data processed through the load balancer, in addition to the hourly charge ($0.0225/hour) and the LCU charges. Network Load Balancers charge per NLCU-hour. Azure Application Gateway has similar data processing fees. These charges are small per-GB but compound with high-traffic applications.

While Gateway Endpoints (S3, DynamoDB) are free, Interface Endpoints for all other AWS services charge $0.01/GB processed plus $0.01/hour per AZ. Deploying interface endpoints across 3 AZs costs $21.60/month just in hourly charges before any data transfer. Teams often create interface endpoints for every service without considering the compounding hourly costs.

CloudWatch Logs data sent to external destinations (S3, Kinesis, third-party) incurs standard egress charges. CloudWatch Logs Insights queries scan data at $0.005/GB. Sending 1TB/month of logs to an external SIEM tool costs the log ingestion ($0.50/GB) plus egress. Many teams are unaware that their logging pipeline is their largest egress line item.

What are hidden cloud egress costs?

Hidden egress costs are data transfer charges that don't appear in the standard egress pricing tables. They include NAT Gateway processing ($0.045/GB on AWS), cross-AZ transfer ($0.01/GB each way), API Gateway data transfer fees, load balancer data processing charges, and VPC endpoint hourly costs. These often exceed the actual egress charges.

How much does AWS NAT Gateway data processing cost?

AWS NAT Gateway charges $0.045 per GB of data processed, in addition to the standard egress rate. This means traffic through a NAT Gateway effectively costs $0.135/GB ($0.045 processing + $0.09 egress). The NAT Gateway also charges $0.045/hour just to exist, adding approximately $32/month per gateway.

Why is cross-AZ transfer a hidden cost?

Cross-AZ transfer costs $0.01/GB each way ($0.02/GB round trip) on AWS. It's hidden because: most architecture guides recommend multi-AZ for high availability, the charges don't appear in egress pricing tables, and they're difficult to attribute on your bill. A microservice architecture with 10 services making cross-AZ calls can generate thousands in monthly cross-AZ charges.

Does API Gateway charge for data transfer?

Yes. AWS API Gateway charges for data transfer out in addition to the per-request fee. REST APIs transfer data at standard egress rates. WebSocket APIs also incur data transfer charges. These fees are often overlooked because teams focus on the per-request pricing.