AWS NAT Gateway Costs: The $0.045/GB Tax
AWS NAT Gateway is the single most common source of cloud bill shock. It charges $0.045/GB for every byte it processes, on top of the standard egress rate. A typical production VPC with 10TB/month of outbound traffic pays $460/month in NAT processing fees alone, which is more than many EC2 instances cost. This page breaks down exactly how NAT Gateway pricing works, why it is so expensive, what alternatives exist, and how to determine if you are overpaying.
The True Cost of NAT Gateway
With a 3-AZ deployment (best practice), you run 3 NAT Gateways at $97/month in hourly charges before any traffic flows. Add 10TB of traffic and the bill reaches $557/month in NAT costs alone, plus the $912 in standard egress. NAT Gateway can easily be 40-60% of your total data transfer bill.
NAT Gateway Alternatives Compared
Several alternatives to NAT Gateway exist, each with different cost and complexity trade-offs.
| Solution | Monthly Base | Per-GB Rate | 10TB/mo Cost | HA | Maintenance |
|---|---|---|---|---|---|
| NAT Gateway | $32.40 | $0.045/GB | $492 | Built-in (per-AZ) | Zero (managed) |
| NAT Instance (t4g.nano) | $3.07 | $0.00/GB | $3.07 | Manual (ASG needed) | Self-managed |
| IPv6 Egress-Only IGW | Free | Free | $0.00 | Built-in | Zero (managed) |
| VPC Endpoint (Interface) | $7.20/AZ | $0.01/GB | $122 | Built-in (multi-AZ) | Zero (managed) |
Common NAT Gateway Traffic Sources and Fixes
Before choosing an alternative, audit what traffic is flowing through your NAT Gateways. Many common traffic patterns can be redirected without changing your architecture.
| Traffic Source | Fix | Impact |
|---|---|---|
| S3 access from private subnets | Add S3 Gateway Endpoint (free) | High |
| DynamoDB access from private subnets | Add DynamoDB Gateway Endpoint (free) | High |
| ECR image pulls | Add ECR Interface Endpoints or use public subnets for ECS | Medium |
| Third-party API calls | Cache responses, batch requests, use connection pooling | Medium |
| OS package updates (yum/apt) | Use VPC Endpoint for S3 package repos, local mirrors | Low |
| CloudWatch/metrics/logs shipping | Add CloudWatch Interface Endpoints | Low |
| DNS resolution | Use Route 53 Resolver Endpoints | Low |
Frequently Asked Questions
How much does an AWS NAT Gateway cost?
AWS NAT Gateway has two charges: $0.045/hour ($32.40/month) per gateway just to exist, and $0.045/GB of data processed through it. For 10TB/month of traffic, NAT Gateway processing alone costs $460/month, plus the egress charge. Total effective cost per GB is $0.135 ($0.045 processing + $0.09 egress).
Why is NAT Gateway so expensive?
NAT Gateway is expensive because it charges per-GB processing on top of standard egress rates. Every byte that flows through the NAT Gateway incurs the $0.045/GB fee regardless of destination. This means even traffic going to other AWS services (which would otherwise be free intra-region) costs $0.045/GB if it routes through a NAT Gateway.
What are alternatives to AWS NAT Gateway?
Alternatives include: NAT instances (self-managed EC2 instances, cheaper for low traffic), IPv6 egress-only internet gateways (free, no per-GB charge), VPC Interface Endpoints (avoid NAT for AWS service traffic), public subnets for workloads that don't need private networking, and AWS PrivateLink for service-to-service communication.
How can I tell if NAT Gateway is my biggest cost?
Check AWS Cost Explorer filtered by 'NatGateway' usage type. Look at VPC Flow Logs to see what traffic is flowing through your NAT Gateways. Common culprits: S3 access without VPC Endpoints, pulling Docker images from ECR, third-party API calls, and OS package updates from private subnets.
Should I use a NAT instance instead of NAT Gateway?
A t4g.nano NAT instance costs $3/month versus $32/month for NAT Gateway, and processes data without the $0.045/GB charge. However, NAT instances require self-management (patching, monitoring, HA setup). For traffic under 5GB/month in non-production environments, a NAT instance is dramatically cheaper. For production workloads requiring high availability, NAT Gateway's managed HA may justify the cost.
Related Resources
Prices verified from AWS VPC Pricing. Last updated March 2026.