AWS data egress to the internet lists at $0.05 to $0.09 per GB after the first 100 GB free per month, but enterprises with petabyte-scale transfer routinely negotiate it down 35 to 65 percent through committed-volume waivers, and the free-egress-on-exit rule in force since 2024 removes transfer-out fees entirely when you leave AWS. Egress is the most overlooked line on a large AWS bill because it accumulates in small per-gigabyte increments across thousands of workloads, yet at scale it becomes one of the most negotiable charges AWS levies. This page covers the pricing, the hidden inter-zone traps, and the levers.
Egress pricing by tier and region
AWS charges for data leaving its network to the public internet on a declining per-gigabyte scale, with the first 100 GB per month free across most services. Inbound data transfer is free. The rate varies by source region, with US and EU regions cheapest and regions such as South America and parts of Asia Pacific materially higher.
| Monthly egress (US East) | Per-GB rate | Effective cost at volume |
|---|---|---|
| First 100 GB | $0.00 | Free |
| Up to 10 TB | $0.09 | $900 per 10 TB |
| Next 40 TB | $0.085 | $3,400 per 40 TB |
| Next 100 TB | $0.07 | $7,000 per 100 TB |
| Over 150 TB | $0.05 | $50,000 per PB |
Even at the deepest published tier of $0.05 per GB, a petabyte of monthly internet egress lists at $50,000, or $600,000 per year, before any regional premium. For a media, gaming, or data-distribution business, egress can exceed compute as the largest AWS line.
Inter-AZ and inter-region transfer
The egress that surprises teams is not internet egress; it is the transfer between Availability Zones and between regions that accrues inside the architecture. Cross-AZ traffic is charged at $0.01 per GB in each direction, so a chatty microservices estate spread across three AZs can generate a six-figure annual bill purely on internal traffic. Inter-region transfer runs $0.02 per GB and up. These charges are invisible until the bill is analyzed by transfer type, and they are reduced by architecture, not by contract.
The CloudFront offset: Routing internet egress through Amazon CloudFront often lowers the effective rate, because CloudFront data-out pricing is lower than direct EC2 or S3 egress at volume and CloudFront-to-origin transfer is free. For high-volume content delivery, moving egress behind CloudFront and then committing to a CloudFront private pricing agreement can cut the blended transfer rate by 30 to 50 percent before any negotiation on the underlying account. Model the CloudFront path before negotiating raw egress.
Egress by destination type
Not all data leaving AWS costs the same, and the destination determines the rate more than the volume does. Traffic to the public internet is the most expensive. Traffic to another AWS region carries an inter-region rate that is lower but still meaningful. Traffic within a region but across Availability Zones is cheaper again, and traffic within a single Availability Zone using private addressing is free. The single most effective egress reduction is therefore architectural: keeping data and the compute that consumes it inside the same Availability Zone eliminates the charge entirely, while careless placement across zones and regions accrues cost on every byte that crosses a boundary.
| Destination | Typical rate (per GB) | Reduction approach |
|---|---|---|
| Public internet | $0.05 to $0.09 | Edge caching, committed waiver |
| Cross-region | $0.02 | Co-locate dependent services |
| Cross-AZ | $0.01 each way | Consolidate chatty services |
| Same-AZ, private IP | $0.00 | Default for co-located compute |
| To CloudFront origin | $0.00 | Route distribution via edge |
NAT gateway and the hidden processing charge
A frequent surprise on the egress bill is the NAT gateway, which charges both an hourly rate and a per-gigabyte data-processing fee of roughly $0.045 on everything that passes through it, on top of the egress itself. A workload that routes all outbound traffic through a NAT gateway pays the processing charge and the internet egress charge together, effectively double-counting at the gateway. For high-volume outbound traffic, replacing NAT gateways with VPC endpoints for AWS-service traffic, or with a more efficient egress architecture, removes a charge many teams never knew they were paying. Audit the NAT gateway processing line specifically, because it hides inside the data-transfer category and is rarely attributed to the workloads generating it.
Direct Connect for predictable egress
For enterprises with large, steady egress to their own data centers or to a colocation facility, AWS Direct Connect replaces internet egress with a dedicated private connection billed at a much lower data-transfer-out rate, often around $0.02 per GB or less depending on location, plus a port-hour charge. The economics favor Direct Connect once sustained egress to a fixed destination passes a few hundred terabytes a month, because the lower per-gigabyte rate overtakes the port and circuit costs. Direct Connect also stabilizes performance, which is why hybrid estates with heavy data movement between AWS and on-premises systems standardize on it rather than paying internet egress rates on predictable traffic.
Free egress on exit
Since 2024, following regulatory pressure in the EU and a corresponding global policy change, AWS waives data-transfer-out fees for customers who are leaving AWS entirely and moving their data to another provider or on-premises. The waiver requires a request and applies to the full migration of workloads off AWS, not to ongoing operational egress. It materially changes the exit calculus: the cost of leaving is now the engineering effort, not a transfer-fee penalty, which strengthens your hand in any renewal because the switching cost AWS once relied on has fallen. The mechanics belong in any EDP negotiation as a stated alternative.
Finding egress before you negotiate
You cannot reduce what you cannot see, and egress is the AWS cost least often attributed to the workloads that generate it. Before any negotiation, break the data-transfer line down by type using the Cost and Usage Report: internet egress, cross-region, cross-AZ, NAT gateway processing, and CloudFront. The breakdown almost always surprises the team, because a large share of the bill turns out to be internal cross-AZ chatter and NAT processing rather than the customer-facing egress everyone assumes dominates. That attribution does two things. It identifies the architectural fixes that reduce billable volume, which is where the largest savings sit, and it produces the volume forecast you need to negotiate a committed-volume waiver, because AWS will price a waiver against a credible projection rather than a guess.
The order matters. Architectural reduction first lowers the volume, then the contract negotiation discounts what remains. Negotiating a waiver on egress you could have eliminated through better placement is paying to discount waste. The two work together: a clean attribution model feeds both the engineering backlog and the negotiation, and the engagement model for both is our cost optimization advisory.
Frequently asked questions
Is inbound data transfer charged?
No. Data transfer into AWS is free across services. The charges accrue on data leaving a resource, whether to the internet, another region, or another Availability Zone.
Does the free-egress-on-exit rule cover normal operations?
No. The waiver applies to a full migration of workloads off AWS, not to ongoing operational egress. It removes the transfer-fee penalty for leaving, which strengthens your renewal position, but it does not discount day-to-day traffic.
What is the single biggest egress reduction?
For most estates it is eliminating cross-AZ and NAT gateway charges through better resource placement and VPC endpoints, because that internal traffic is usually larger than customer-facing internet egress and is reducible by architecture alone.
Region selection and the egress bill
The region a workload runs in sets its egress rate before any negotiation happens, and region choice is an underused lever. US and EU regions carry the lowest transfer-out rates, while regions in South America and parts of Asia Pacific can run materially higher per gigabyte. For a global service, placing the data-distribution tier in a low-egress region and serving other geographies through the edge network can cut the blended transfer rate noticeably without any change to the contract. The same logic applies to where large datasets live: co-locating storage and the compute that processes it in one region eliminates the inter-region transfer that a careless multi-region design accrues on every read.
Multi-cloud and the lock-in argument
Egress is the charge that most shapes cloud lock-in, because moving large datasets out of a provider has historically carried a transfer-fee penalty that discouraged leaving. That dynamic is exactly why the free-egress-on-exit rule matters beyond its direct saving: it weakens the lock-in that egress fees created. In a multi-cloud estate, the egress cost of moving data between providers for processing can quietly exceed the compute saving the second provider was chosen for, so the data-gravity cost belongs in any multi-cloud decision. The practical guidance is to keep data and the compute that consumes it on the same provider wherever possible, and to treat cross-provider data movement as a cost to be designed out rather than absorbed. Where a genuine multi-cloud architecture is required, the egress between providers should be forecast and negotiated with the same rigor as any other major line.
Negotiation levers
Egress waivers and discounts are negotiated inside the committed-spend agreement, not separately. The strongest levers are a committed-volume egress discount tied to your forecast transfer, a CloudFront private pricing addendum for content delivery, and inclusion of a defined egress allowance in the EDP so a band of transfer is effectively free. Architecture levers compound the contract levers: consolidating cross-AZ chatter, caching at the edge, and co-locating data with compute reduce the billable volume the discount applies to. See our committed spend discount guide for how egress sits inside the EDP, the EDP pillar for the full agreement structure, and our cloud contract negotiation service for engagement. For the support fee that compounds on top of every transfer charge, see AWS enterprise support cost, and for the AWS vendor practice overview, the AWS vendor hub.