This chapter covers AWS data transfer costs, a critical topic for the SAA-C03 exam under Domain 4 (Cost Optimized Architectures). Understanding these costs is essential for designing cost-effective architectures and for answering roughly 5-10% of exam questions that involve cost analysis. You will learn the exact pricing for data transfers within an AZ, between AZs, to other regions, and to the Internet, along with strategies to minimize costs. The exam tests not just the numbers but the architectural implications—where to place resources and how to design data flows to reduce transfer charges.
Jump to a section
Imagine a company with three buildings: Building A (Same AZ), Building B (Different AZ), and the public Internet. The company has a private courier service for internal mail. Sending a letter within Building A costs $0.01 because it stays on the same floor—no sorting, no trucks. Sending a letter from Building A to Building B costs $0.02 because the courier must drive between buildings, using fuel and time. Sending a letter to an external address via the public postal service costs $0.09 because it requires sorting, long-distance transport, and multiple handoffs. The company's IT department tracks every letter's origin and destination to bill departments accordingly. AWS charges data transfer similarly: traffic within an Availability Zone (AZ) is free, between AZs in the same region costs $0.01/GB each way, and out to the Internet costs $0.09/GB. The underlying mechanism is that AWS uses a highly redundant, private fiber network within AZs (no cost), a regional backbone between AZs (cost recovery for infrastructure), and peering/transit connections to the Internet (external cost). Just as the courier's cost reflects distance and handling, AWS's data transfer pricing reflects the physical network resources consumed.
What is AWS Data Transfer and Why Does It Cost?
AWS charges for data transfer across network boundaries within its infrastructure. The cost model is designed to reflect the underlying network resources consumed: intra-AZ traffic stays on a single high-speed private network, cross-AZ traffic traverses the regional backbone, and Internet traffic uses AWS's peering and transit connections. The SAA-C03 exam expects you to know the exact pricing tiers and apply them to architectural decisions.
Data Transfer Within an Availability Zone (Same AZ)
All data transfer between services within the same Availability Zone is free. This includes:
EC2 instance to another EC2 instance in the same AZ
EC2 to RDS in the same AZ
EC2 to ELB in the same AZ
S3 to EC2 in the same AZ (if using S3 Gateway Endpoint or S3 interface endpoint within the same AZ)
This is because the traffic stays within the AZ's private network, which AWS owns and operates without external peering costs. There is no charge for ingress (data entering) or egress (data leaving) within the same AZ.
Data Transfer Between AZs in the Same Region (Cross-AZ)
Data transfer between Availability Zones in the same region incurs a charge of $0.01/GB in each direction (both inbound and outbound). For example, if an EC2 instance in us-east-1a sends 10 GB to an EC2 instance in us-east-1b, the sender is charged $0.10 for outbound data, and the receiver is charged $0.10 for inbound data (if applicable, though typically only outbound is billed). The exam often tests this symmetric cost.
Key points:
Both directions are charged, but AWS typically bills only for outbound data from the source service. However, cross-AZ traffic is billed at $0.01/GB for each GB sent out of an AZ.
This charge applies to traffic between EC2, RDS, Redshift, ElastiCache, and other services across AZs.
Using an Elastic Load Balancer (ALB/NLB) in multiple AZs: traffic from EC2 instances to the ALB is free if they are in the same AZ; traffic from the ALB to EC2 in another AZ incurs cross-AZ charges.
Data Transfer to Different AWS Regions
Inter-region data transfer costs more: $0.02/GB (outbound from the source region) for most regions, with higher rates for some (e.g., $0.09/GB from South America). This reflects the cost of long-haul fiber links. Inbound to a region is free. The exam may ask you to compare costs of replicating data across regions vs. within a region.
Data Transfer to the Internet
Internet egress is the most expensive. Pricing tiers (per GB) for EC2:
First 1 GB/month: free
Up to 10 TB/month: $0.09/GB
Next 40 TB/month: $0.085/GB
Next 100 TB/month: $0.07/GB
Over 150 TB/month: $0.05/GB
These are aggregate across all services. Ingress (data coming from the Internet) is free. The exam tests that you can calculate costs for large data transfers and identify scenarios where using a CDN (CloudFront) or Direct Connect can reduce costs.
Data Transfer with AWS Services
S3: Data transfer out to the Internet is charged at S3 pricing (same as EC2 tiers). Data transfer to CloudFront is free. Data transfer to EC2 in the same region is free if using a Gateway Endpoint; otherwise, if using a NAT gateway or Internet Gateway, it costs Internet egress rates.
CloudFront: Data transfer out to the Internet is cheaper than EC2 (e.g., $0.085/GB for first 10 TB). Data transfer from origin (e.g., S3) to CloudFront is free. The exam loves this: using CloudFront reduces origin egress costs.
Direct Connect: Data transfer over Direct Connect is charged at lower rates (e.g., $0.02/GB for outbound to on-premises). Inbound is free. This is cheaper than Internet egress.
VPC Peering: Traffic across VPC peering within the same region is charged at cross-AZ rates ($0.01/GB each way). Inter-region VPC peering is charged at inter-region rates.
NAT Gateway: Data processing charges apply ($0.045/hour + $0.045/GB processed). Additionally, data transfer out to the Internet is charged at EC2 Internet egress rates.
Transit Gateway: Cross-AZ traffic through Transit Gateway incurs cross-AZ charges. Inter-region peering incurs inter-region charges.
How Data Transfer Is Billed
AWS measures data transfer at the network interface level. For EC2, the amount of data sent out of the instance (egress) is billed based on the destination. Ingress is free. For services like S3, egress to the Internet is billed. The exam may present a scenario where you need to calculate total cost given data volumes and destinations.
Strategies to Reduce Data Transfer Costs
Collocate resources in the same AZ: Place EC2, RDS, and other services that communicate heavily in the same AZ to avoid cross-AZ charges. However, this sacrifices high availability. The exam tests trade-offs.
Use Gateway Endpoints for S3/DynamoDB: Instead of routing traffic through a NAT gateway or Internet Gateway, use a Gateway Endpoint to access S3 and DynamoDB from within a VPC. This keeps traffic within AWS's network, avoiding Internet egress costs. Gateway Endpoints are free.
Use CloudFront: For content delivered to users, CloudFront reduces origin egress costs because data transfer from origin to CloudFront is free, and CloudFront egress is cheaper than EC2 egress.
Use Direct Connect or VPN for hybrid workloads: Lower per-GB rates compared to Internet egress.
Minimize inter-region traffic: Replicate data only when necessary, and consider using S3 Cross-Region Replication with appropriate cost awareness.
Exam-Relevant Numbers and Values
Intra-AZ: $0.00/GB
Cross-AZ (same region): $0.01/GB each way
Inter-region: $0.02/GB (typical) outbound
Internet egress (first 10 TB): $0.09/GB
CloudFront egress (first 10 TB): $0.085/GB
Direct Connect egress: $0.02/GB (typical)
Data transfer from S3 to CloudFront: $0.00/GB
NAT Gateway data processing: $0.045/GB
Common Exam Scenarios
Scenario: An application running on EC2 in us-east-1a needs to access a database in us-east-1b. Question: What is the data transfer cost? Answer: $0.01/GB each way.
Scenario: A company wants to serve large files to users globally. Should they use CloudFront? Yes, because it reduces origin egress costs and provides lower latency.
Scenario: Two EC2 instances in the same AZ communicate. Cost? $0.00.
Scenario: Data is transferred from EC2 to S3 via a NAT gateway. Cost includes NAT processing and Internet egress. Better to use a Gateway Endpoint.
Interaction with Related Technologies
VPC Endpoints: Gateway Endpoints (S3, DynamoDB) are free and avoid Internet egress. Interface Endpoints (PrivateLink) incur hourly charges and data processing costs ($0.01/GB). The exam may ask which endpoint type to use based on cost.
NAT Gateway vs. NAT Instance: NAT Gateway has higher data processing costs but is managed. NAT Instance has lower data processing but requires management.
Load Balancers: Cross-zone load balancing is free for ALB and NLB within a region, but traffic from the load balancer to instances in another AZ incurs cross-AZ charges (if cross-zone is enabled, traffic may flow across AZs). The exam tests this nuance.
Identify source and destination
Determine the AWS service and location of the data source and destination. For example, an EC2 instance in us-east-1a sending data to an S3 bucket. The source is the EC2 instance (egress), and the destination is S3. The location of S3 is regional, but access via Gateway Endpoint keeps traffic within AWS network, while via NAT Gateway goes to the Internet.
Determine network path
Trace the network path: does the traffic stay within the same AZ, cross AZs, go to another region, or go to the Internet? For EC2 to S3, if using a Gateway Endpoint, traffic goes through AWS's private network and stays within the same region. If using NAT Gateway, traffic goes to the Internet and then to S3, incurring Internet egress costs.
Apply data transfer pricing
Based on the path, apply the correct pricing. Intra-AZ: free. Cross-AZ: $0.01/GB each way. Inter-region: $0.02/GB outbound (typical). Internet egress: $0.09/GB for first 10 TB. For example, if 5 GB is transferred from EC2 to S3 via NAT Gateway, the cost is 5 GB * $0.09 = $0.45 for Internet egress plus NAT processing fees (5 GB * $0.045 = $0.225).
Account for bidirectional charges
Remember that cross-AZ and inter-region charges apply in both directions. For cross-AZ, both the sender and receiver are charged $0.01/GB for data leaving their respective AZ. However, AWS typically bills only for outbound data from the source service. In practice, if EC2 in AZ A sends to EC2 in AZ B, the sender is billed $0.01/GB, and the receiver is not billed for inbound. But if the receiver sends data back, that is a separate charge.
Optimize to reduce costs
After calculating costs, identify optimization opportunities. For example, if cross-AZ costs are high, consider moving resources to the same AZ (if HA requirements allow). If Internet egress is high, use CloudFront or Direct Connect. Use Gateway Endpoints for S3/DynamoDB. The exam expects you to recommend the most cost-effective architecture based on data transfer patterns.
Enterprise Scenario 1: Multi-tier Web Application with HA
A company deploys a web application across two AZs for high availability. The web tier (EC2) is in us-east-1a and us-east-1b, and the database tier (RDS Multi-AZ) spans both AZs. Traffic flows: users hit an ALB (in both AZs), which forwards to web servers in the same AZ (cross-zone load balancing disabled to avoid cross-AZ charges). Web servers query the database using the RDS endpoint. Since RDS Multi-AZ has a primary in one AZ and standby in the other, reads from the primary in the same AZ are free, but writes are replicated to the standby cross-AZ, incurring cross-AZ charges for the replication traffic. The company notices high data transfer costs. Solution: Enable Multi-AZ with synchronous replication, but accept the cross-AZ cost for replication. To reduce costs, they could use read replicas in the same AZ as the web servers for read traffic. This scenario is common in the exam: understanding that RDS cross-AZ replication incurs costs, and read replicas can reduce cross-AZ read traffic.
Enterprise Scenario 2: Media Streaming Platform
A media company stores video files in S3 and serves them to users worldwide. Initially, they used EC2 instances to stream content, incurring high Internet egress costs ($0.09/GB). They migrated to CloudFront, which reduced egress costs to $0.085/GB (first 10 TB) and eliminated S3 egress costs (data transfer from S3 to CloudFront is free). Additionally, CloudFront edge caching reduced latency. The company also uses S3 Transfer Acceleration for uploads from remote locations. This scenario tests knowledge of CloudFront cost benefits and when to use Transfer Acceleration.
Enterprise Scenario 3: Hybrid Cloud with Direct Connect
A financial services firm has on-premises data center connected to AWS via Direct Connect. They run analytics workloads on EC2 that process large datasets (hundreds of TB) from on-premises. Data is transferred from on-premises to AWS (ingress) free, but results sent back to on-premises (egress) are billed at Direct Connect rates ($0.02/GB vs. Internet $0.09/GB). They also replicate data to another region for disaster recovery, incurring inter-region charges. Misconfiguration: They initially used VPN instead of Direct Connect, resulting in higher egress costs and inconsistent performance. After switching to Direct Connect, costs dropped by over 50%. The exam tests that Direct Connect provides lower and predictable data transfer costs compared to Internet.
What SAA-C03 Tests on Data Transfer Costs
This topic falls under Domain 4 (Cost-Optimized Architectures), Objective 4.4: Determine how to optimize data transfer costs. The exam tests your ability to:
Identify the cost of data transfer between services based on their placement (same AZ, cross-AZ, different region, Internet).
Recommend architectural changes to reduce data transfer costs (e.g., using Gateway Endpoints, CloudFront, Direct Connect).
Calculate total cost given data volumes and transfer patterns.
Common Wrong Answers and Why Candidates Choose Them
"Data transfer within a VPC is always free." This is false because cross-AZ traffic within the same VPC is charged $0.01/GB. Candidates confuse VPC with Availability Zone.
"Data transfer from EC2 to S3 is always free." It is free only if using a Gateway Endpoint. If using a NAT Gateway or Internet Gateway, it incurs Internet egress costs. Candidates forget the endpoint type.
"Cross-AZ traffic is free if using a load balancer." Cross-zone load balancing is free, but the traffic from the load balancer to instances in another AZ is still cross-AZ and charged. Candidates think load balancer eliminates the charge.
"Data transfer to CloudFront is charged at Internet egress rates." Actually, data transfer from origin to CloudFront is free. Candidates assume all egress is paid.
Specific Numbers and Terms on the Exam
Memorize these values:
Intra-AZ: $0.00/GB
Cross-AZ (same region): $0.01/GB each way
Inter-region: $0.02/GB (typical) outbound
Internet egress (first 10 TB): $0.09/GB
CloudFront egress (first 10 TB): $0.085/GB
Direct Connect egress: $0.02/GB (typical)
NAT Gateway data processing: $0.045/GB
Gateway Endpoint: free
Interface Endpoint (PrivateLink): $0.01/GB data processed + hourly charges
Edge Cases and Exceptions
Data transfer to AWS services in the same region: Free for some services (e.g., S3 via Gateway Endpoint, DynamoDB via Gateway Endpoint) but not for others (e.g., using NAT Gateway).
Data transfer between AWS accounts: Same pricing as within a single account. VPC peering cross-account incurs cross-AZ charges.
Data transfer from AWS to on-premises via Direct Connect: Lower rates than Internet, but still charged.
Data transfer from EC2 to S3 in a different region: Charged at inter-region rates.
How to Eliminate Wrong Answers
When you see a data transfer cost question, first identify the source and destination locations (AZ, region, Internet). Then apply the correct pricing tier. Look for keywords: "same Availability Zone" = free; "different Availability Zone" = $0.01/GB; "different region" = $0.02/GB; "Internet" = $0.09/GB. Also check for endpoints: "Gateway Endpoint" means free access to S3/DynamoDB; "NAT Gateway" means additional processing charges. If the question asks for cost optimization, choose options that reduce egress (CloudFront, Direct Connect, Gateway Endpoints) or collocate resources.
Data transfer within the same Availability Zone is always free.
Data transfer between Availability Zones in the same region costs $0.01/GB each way.
Data transfer to a different region costs $0.02/GB (typical) outbound; inbound is free.
Internet egress costs $0.09/GB for the first 10 TB per month.
Data transfer from S3 to CloudFront is free; CloudFront egress is cheaper than EC2 egress.
Use Gateway Endpoints for S3 and DynamoDB to avoid Internet egress and NAT Gateway costs.
Direct Connect provides lower and predictable data transfer costs compared to Internet.
Cross-zone load balancing is free, but traffic from load balancer to cross-AZ instances incurs cross-AZ charges.
These come up on the exam all the time. Here's how to tell them apart.
Gateway Endpoint
Free to use (no hourly or data processing charges)
Only supports S3 and DynamoDB
Traffic stays within AWS network, no Internet egress
Uses route table entries to direct traffic
No additional cost for data transfer to S3/DynamoDB
Interface Endpoint (PrivateLink)
Charged hourly ($0.01/AZ/hour) and per GB processed ($0.01/GB)
Supports many AWS services (e.g., SNS, SQS, Kinesis) and custom services
Traffic stays within AWS network, no Internet egress
Uses Elastic Network Interfaces in subnets
Costs apply even for same-region access
Mistake
Data transfer within a VPC is always free regardless of AZ.
Correct
Data transfer within the same AZ is free, but cross-AZ traffic within the same VPC is charged $0.01/GB each way. The VPC is a logical container; AZ boundaries determine cost.
Mistake
Data transfer from EC2 to S3 is always free because S3 is in the same region.
Correct
It is free only if using a Gateway Endpoint. If traffic goes through a NAT Gateway or Internet Gateway, it incurs Internet egress costs ($0.09/GB) plus NAT processing fees.
Mistake
AWS does not charge for data transfer between services in the same region.
Correct
AWS charges for cross-AZ traffic ($0.01/GB each way) and inter-region traffic ($0.02/GB outbound). Only intra-AZ traffic is free.
Mistake
Using a load balancer eliminates cross-AZ data transfer charges.
Correct
Cross-zone load balancing is a free feature, but the traffic from the load balancer to instances in a different AZ is still cross-AZ and incurs charges. The load balancer itself does not change the underlying network path.
Mistake
Data transfer from S3 to CloudFront is charged at Internet egress rates.
Correct
Data transfer from S3 to CloudFront is free. CloudFront only charges for data transfer to the Internet at its own rates (lower than EC2 egress).
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
No, it costs $0.01/GB each way. Even though they are in the same VPC, crossing AZ boundaries incurs charges. Only traffic within the same AZ is free.
It depends on the endpoint. If you use a Gateway Endpoint, it is free. If you use a NAT Gateway or Internet Gateway, you pay Internet egress rates ($0.09/GB) plus NAT processing fees if applicable.
Use Amazon CloudFront. Data transfer from your origin (e.g., S3 or EC2) to CloudFront is free, and CloudFront's egress to the Internet is cheaper than EC2 egress. Additionally, CloudFront caches content at edge locations, reducing origin load.
Gateway Endpoints are free to use (no hourly or data processing charges) but only support S3 and DynamoDB. Interface Endpoints (PrivateLink) charge $0.01/AZ/hour plus $0.01/GB of data processed, but support many services.
The cross-zone load balancing feature itself is free, but the traffic from the load balancer to instances in a different AZ is still cross-AZ and charged at $0.01/GB each way.
Data transfer out to on-premises via Direct Connect is typically $0.02/GB (varies by region). Ingress to AWS is free. This is cheaper than Internet egress ($0.09/GB).
No, only intra-AZ traffic is free. Cross-AZ traffic costs $0.01/GB each way. Inter-region traffic costs more.
You've just covered AWS Data Transfer Costs: Same AZ, Cross-AZ, Internet — now see how well it sticks with free SAA-C03 practice questions. Full explanations included, no account needed.
Done with this chapter?