Skip to content
Hykell

AWS egress costs explained and how to monitor data transfer charges

If your AWS bill ever spiked “out of nowhere,” there’s a good chance data egress was involved. Egress is a classic hidden cost: billed after the fact and easy to miss until it’s big enough to hurt.

This page unpacks how AWS egress fees work, when they apply, how to monitor them in real time, and practical ways to cut your bill—plus how Hykell can automate savings of up to 40% with a pay-for-results model.

What are AWS data egress fees?

Data egress fees are charges for data that leaves AWS—typically to the public internet, but also for some cross-region or cross–Availability Zone transfers. In simple terms: when bytes exit AWS, you often pay.

Diagram showing AWS to Internet egress flow with 100 GB free and remaining billable GB — visual explanation of Data Transfer Out (DTO) and tiered per‑GB pricing

Egress fees are widely applied across cloud providers, which is why they’re often considered “hidden” costs that surprise teams after usage accrues. According to a GOV.UK working paper on egress fees, all UK public cloud customers have been subject to these fees when transferring data out of their provider’s cloud, except when volumes fall within free tier allowances.

AWS provides 100 GB of free data transfer out to the internet per account each month, and claims this covers “over 90%” of accounts with Data Transfer Out (DTO) usage. For content delivery, Amazon CloudFront includes 1 TB/month of free egress, separate from the standard 100 GB free tier.

It’s worth noting that AWS has recently changed some policies around migrations. AWS now waives egress fees for time-bound migrations if you contact support and get approved before starting. The company applies Data Transfer Out credits for 60 days to cover the move. This policy aligns with the EU Data Act’s push to reduce switching barriers and ban profit-generating egress fees by January 12, 2027.

Which transfers incur egress or transfer charges?

You’ll most commonly see charges for:

Data to the public internet:

  • S3 GETs/Downloads to clients over the internet
  • EC2 instances with public IPs serving traffic directly
  • Managed services fronted by public endpoints (ALB/NLB, API Gateway, etc.)

Content delivery network (CDN) traffic:

  • CloudFront egress to viewers (beyond the 1 TB/month free tier)

Inter-region data transfer:

  • Traffic between AWS regions (replication, cross-region API calls, DR sync)

Cross–Availability Zone (AZ) data transfer within the same region:

  • East-west service calls, replication, or traffic through multi-AZ architectures

Important nuances to understand are that not all “egress-like” traffic is to the internet. Cross-region and cross-AZ transfer is billed separately from internet egress, but still adds up. Free tiers help, but they’re easy to exceed in data-heavy applications. Many teams discover egress fees only after billing because they’re billed in arrears and can be complex to allocate by app or team, as Console Connect’s analysis points out.

How AWS calculates egress fees (with clear examples)

At a high level, egress pricing is tiered by the volume of data you transfer out in a month, and it varies by AWS region and service. Two simple steps:

  1. Determine billable GB per service/destination
  2. Apply the rate per tier for that region, after deducting eligible free allowances

Illustrative examples (rates vary by region/service—check your current AWS pricing before you rely on these numbers):

Example A: S3 static assets to the internet

  • You transfer 1.6 TB from S3 to global users this month
  • Subtract 100 GB free internet egress tier (account-level)
  • Your billable S3 egress is 1.5 TB, charged at the S3 egress tier rates for your region

Example B: Website behind CloudFront

  • 2.4 TB egress to viewers via CloudFront
  • Subtract 1 TB free CloudFront egress
  • Remaining 1.4 TB is charged at CloudFront egress rates by region/edge locations

Example C: Cross-AZ microservices within one region

  • Your services send 8 TB/month between AZs
  • This is not “internet egress,” but cross-AZ transfer rates apply per GB, and they can materially impact your bill—often more than you expect in chatty architectures

Signals that costs may spike include large or unoptimized payloads (images, logs, binaries), high cache miss ratios on CloudFront or app caches, east-west service chatter between AZs or regions, and NAT Gateway hairpinning (private workloads going out to public AWS endpoints).

Common pricing tiers and allowances you can leverage

AWS offers several free tiers and allowances that can help reduce your egress costs:

  • 100 GB/month free data transfer out to the internet (per account), as reported by The Register
  • 1 TB/month free egress from Amazon CloudFront, mentioned in Computing coverage
  • Migration credits: contact AWS Support before large one-time migrations to request DTO credits for 60 days

It’s worth noting that AWS says “over 90%” of accounts with DTO usage do not pay egress fees, but this is based on account counts. Provider experiences vary significantly—Microsoft reported “just under half” of UK customers pay egress fees according to the GOV.UK working paper.

Practical monitoring: where and what to watch

Start by ensuring the spend is visible at the right granularity (by app, team, environment) and then alert before surprises land on the invoice.

AWS Cost and Usage Report (CUR) is the gold source for per-GB, per-service details. In Athena/Glue, filter lineItem/UsageType for DTO or DataTransfer categories to analyze egress by service, region, or tag.

For Cost Explorer and Budgets, create a “Data transfer” filter view and set Budgets with alerts on actual and forecasted spend for “Data transfer” and “Amazon CloudFront.”

CloudWatch metrics to track include:

  • EC2: NetworkOut per ENI/instance
  • ALB/NLB: ProcessedBytes
  • NAT Gateway: BytesOutToDestination
  • CloudFront: BytesDownloaded
  • S3: BytesDownloaded (via Storage Lens or access logs analysis)

VPC Flow Logs with Athena can help attribute egress to specific subnets, security groups, or ENIs, and detect cross-AZ chatter and internet-bound patterns.

Monitoring and mitigation concept: NetworkOut metric, CloudFront cache hit/miss callouts, and checklist (VPC Endpoint, compression, same AZ) showing how to spot and reduce egress

Enforce tags (Application, Owner, Environment) so CUR-based dashboards show who’s driving egress.

Real-time-ish scripts and automations can include:

Quick daily egress snapshot by service (CUR via Athena):

SELECT
  bill_billing_period_start_date AS period_start,
  product_product_name AS service,
  product_region AS region,
  SUM(CASE WHEN lineItem_UsageType LIKE '%DataTransfer-Out%' OR lineItem_UsageType LIKE '%DTO%' THEN lineItem_UnblendedCost ELSE 0 END) AS egress_cost,
  SUM(CASE WHEN lineItem_UsageType LIKE '%DataTransfer-Out%' OR lineItem_UsageType LIKE '%DTO%' THEN lineItem_UsageAmount ELSE 0 END) AS egress_gb
FROM cur.cur_all
WHERE bill_billing_period_start_date >= date_trunc('month', current_date)
GROUP BY 1,2,3
ORDER BY egress_cost DESC
LIMIT 20;

CloudWatch CLI to check EC2 NetworkOut by instance (last 24h):

Terminal window
aws cloudwatch get-metric-statistics \
  --namespace AWS/EC2 \
  --metric-name NetworkOut \
  --dimensions Name=InstanceId,Value=i-0123456789abcdef0 \
  --statistics Sum \
  --start-time "$(date -u -d '1 day ago' +%Y-%m-%dT%H:%M:%SZ)" \
  --end-time "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
  --period 3600

Budget alert for Data Transfer:

Terminal window
aws budgets create-budget --account-id YOUR_ACCOUNT_ID --budget '{
  "BudgetName": "DataTransfer-Monthly",
  "BudgetLimit": {"Amount": "500", "Unit": "USD"},
  "TimeUnit": "MONTHLY",
  "BudgetType": "COST",
  "CostFilters": {"Service": ["Amazon CloudFront","Amazon Simple Storage Service","EC2 - Other"]},
  "NotificationsWithSubscribers": [{
    "Notification": {"NotificationType": "ACTUAL","ComparisonOperator": "GREATER_THAN","Threshold": 80.0,"ThresholdType":"PERCENTAGE"},
    "Subscribers": [{"SubscriptionType":"EMAIL","Address":"finops@example.com"}]
  }]
}'

A useful tip is to build a Grafana dashboard that correlates NetworkOut with cache hit ratio and 4xx/5xx rates so you can see when misses or retries cause egress spikes. For more options, see our guide to open source cloud cost management and Gartner-informed view of cloud cost optimization tools.

Actionable ways to reduce AWS egress costs

Put a CDN in front (and make it cache): Serve users via CloudFront to push bytes to edge; tune Cache-Control, ETags, and compression. You also benefit from the 1 TB/month free CloudFront egress.

Use private connectivity to AWS services: Replace internet/NAT paths with VPC Gateway Endpoints (S3/DynamoDB) and AWS PrivateLink for private service-to-service calls. This reduces paid internet egress and NAT data processing.

Architect for locality: Keep chatty services in the same AZ to avoid cross-AZ transfer; avoid unnecessary cross-region calls; prefer regional caches and read replicas to localize reads.

Cache aggressively: Layer CloudFront + origin cache + application cache (Redis/Memcached). Optimize TTLs, vary headers, and make responses cacheable.

Compress and shrink payloads: Enable Brotli/Gzip at CloudFront/ALB; optimize images (WebP/AVIF, responsive sizes); use delta sync or content hashing to avoid resending unchanged files.

Limit outbound transfer by design: Paginate APIs; reduce verbose logs sent off-cluster; move analytics pipelines to use columnar, compressed formats and regional S3 buckets.

Use migration credits when moving off AWS: If you’re executing a one-time region/provider migration, request DTO credits in advance to waive egress for the window, as reported by The Register.

For a step-by-step program to embed these controls, use our cloud cost audit checklist and review real-world case studies on cloud cost reduction.

How Hykell cuts egress and total AWS costs—automatically

Hykell focuses solely on AWS optimization and runs on autopilot, so you don’t need ongoing internal engineering work to keep savings.

What we do for egress and transfer-heavy stacks:

  • Deep-dive cost audit to surface where and why egress accrues (internet vs. cross-AZ vs. inter-region), mapped to apps/owners
  • Architectural and policy changes that cut bytes: CDN cache policies, image pipelines, compression, origin shielding, and request coalescing
  • Network path optimization: PrivateLink/VPC endpoints, AZ colocation, reduced NAT data processing
  • Real-time monitoring and alerting for “egress-per-request,” cache misses, and transfer anomalies
  • Broader AWS savings: EBS and EC2 right-sizing and modernization to lower the “cost per delivered GB,” plus Kubernetes optimization to cut east-west chatter

Our promise: save up to 40% on AWS. And our pricing is outcome-based—we only take a slice of what you save. If you don’t save, you don’t pay. Learn more at hykell.

Also explore:

FAQ: quick answers to People Also Ask

What are egress fees in AWS? Egress fees are charges for data that leaves AWS, typically to the public internet, with additional charges for cross-region and cross-AZ transfers. Many teams view them as “hidden costs” because they’re billed after usage accrues, according to the GOV.UK working paper and Console Connect.

How to avoid AWS egress fees? Leverage free allowances (100 GB/month internet egress; 1 TB/month CloudFront), cache content at the edge, use VPC endpoints/PrivateLink, keep chatty services in the same AZ, compress payloads, and limit outbound traffic. For one-time migrations, request DTO credits before starting.

How much does egress traffic cost? It depends on volume, region, and service with tiered per-GB pricing. Subtract any applicable free tiers, then apply the region’s rates. Use CUR/Athena to see exactly what you’re paying now.

How much does AWS LightSail egress cost? Lightsail bundles include a fixed data transfer allowance per instance; overages are charged per GB. Check the current Lightsail pricing page for your region to get exact rates.

How much does AWS egress data transfer cost? There isn’t a single number; costs depend on where data goes (internet, other regions, or AZs) and how much you transfer. Use Cost Explorer’s “Data transfer” filter and CUR for precise, current figures for your account.

What are data egress fees? General term for the cost of moving data out of a provider’s network. In AWS, this typically refers to Data Transfer Out (DTO) charges to the internet plus certain inter-region/AZ transfers.

What are Data Act egress fees? Under the EU Data Act, providers must reduce and eventually eliminate profit-making egress fees for switching, with a full ban on profit-generating fees by Jan 12, 2027. AWS has positioned migration fee waivers as part of “interoperability and customer choice.”

How to calculate egress charges?

  1. Group your usage by destination (internet, inter-region, cross-AZ) and by service. 2) Deduct free tiers (100 GB internet; 1 TB CloudFront). 3) Apply the correct regional per-GB price tier for each bucket of usage. Automate it via CUR + Athena and reconcile against Cost Explorer.

Want to cap egress spend without slowing your apps? Start with a focused audit and turn on automation. Hykell can identify your biggest transfer drains and implement fixes that save up to 40%—and if you don’t save, you don’t pay.

Get your free assessment today.