Cloud data egress is billed at $0.05 to $0.12 per GB after the free tier, and for data-heavy enterprises it reaches 8 to 15 percent of the total cloud bill, almost all of it avoidable through architecture and contract terms. Egress is the charge for moving data out of a provider's network to the internet or to another region or provider. Unlike compute and storage, which buy capacity you use, egress is a pure friction cost: you pay to move your own data, and the price is set to make leaving expensive. This guide covers how it is priced, the recent rule changes, and the controls that bring it down.
Egress pricing does two jobs for a provider. It recovers network cost, and it raises the cost of multi-cloud and of leaving, which is why egress sits at the center of cloud lock-in. Understanding the pricing is the first step to controlling it, and controlling it is partly architecture and partly contract. The broader exit economics are in cloud exit strategy, and the negotiation specifics in cloud egress negotiation.
How egress is priced
All three major providers price egress in tiers that fall as volume rises, with internet egress charged per GB after a small monthly free allowance and inter-region transfer charged separately. The headline rates are similar; the detail that matters is what is free and what is not.
| Path | Typical rate per GB | Notes |
|---|---|---|
| Internet egress, first tier | $0.085 to $0.12 | After about 100 GB free per month |
| Internet egress, high volume | $0.05 to $0.08 | Tiered down above 150 TB |
| Inter-region transfer | $0.02 to $0.05 | Charged both directions on some services |
| Same-region, cross-zone | $0.01 to $0.02 | Often overlooked, adds up at scale |
| To CDN, origin pull | Reduced or free | Provider CDN lowers internet egress |
The line that surprises buyers is same-region cross-zone traffic, which is small per GB but enormous in aggregate for chatty distributed applications. A poorly placed database replica talking across zones can generate more egress cost than the application's external traffic.
The free-egress-on-exit change
Through 2024 the major providers introduced free egress for customers leaving the platform entirely, under regulatory pressure in Europe and competitive pressure from each other. This lowers the cost of a full exit, but the conditions are narrow: the waiver applies to a complete departure, requires a request and a defined window, and does not cover ongoing multi-cloud transfer or partial migrations. Buyers who read the headline as free egress are mistaken; the day-to-day egress that drives the bill is unchanged. The exit-specific mechanics are in cloud exit strategy.
The control that pays back fastest: Most egress cost comes from a handful of high-volume paths, not from broad usage. Map the top ten data flows by volume and you typically find that two or three account for over 70 percent of the egress bill, usually backups crossing regions, analytics pulling from another provider, or media served without a CDN. Fixing those few paths, not a platform-wide redesign, captures the bulk of the saving.
Architectural controls
Four architectural moves cut egress at the source. Put a content delivery network in front of anything served to users, since CDN egress is cheaper than direct internet egress and origin pulls are often free. Colocate services that talk to each other in the same region and zone to eliminate inter-zone transfer. Process data where it lives rather than moving it to a central location, so analytics and machine learning run next to the data store. Compress and batch transfers that must cross boundaries. These are standard cost-optimization practice, covered alongside compute and storage rightsizing in cloud cost optimization.
Contract controls
Architecture reduces the volume; the contract reduces the rate. The terms worth securing are an egress waiver or allowance tied to your committed spend, committed-egress discounts for predictable high-volume paths, and a private interconnect or direct-connect arrangement that prices dedicated bandwidth below metered internet egress. These are negotiable, especially when egress is a meaningful share of a large commitment, and they should be set when you hold the advantage at a new deal or renewal. The negotiation approach is in cloud egress negotiation and the FinOps framing in cloud FinOps negotiation.
The reason these flows escape scrutiny is that they are owned by infrastructure and resilience teams whose mandate is uptime, not cost, and who are measured on recovery objectives rather than the cloud bill. A nightly cross-region copy that satisfies a recovery requirement is a success by that team's metric even when it quietly generates the largest egress line on the invoice. Bringing the resilience team and the FinOps function together to right-size replication against the actual recovery objective, rather than the most conservative default, is what closes this gap without weakening resilience.
Backup and disaster recovery egress
Backup and disaster recovery are the largest hidden egress drivers in most enterprises, because they move large data volumes across regions on a schedule and rarely show up in the cost conversation. A cross-region backup that copies terabytes nightly generates inter-region transfer charges every night, and a disaster-recovery replica that streams changes to a second region runs continuously. These flows are designed for resilience, not cost, and the teams that build them are not usually the teams that read the cloud bill, so the egress accumulates unexamined. The fixes are specific: keep backups in-region where the resilience requirement allows, use the provider's own backup service which often carries reduced or waived transfer, compress and deduplicate before transfer, and right-size the replication frequency to the actual recovery objective rather than the most aggressive default. For an estate moving tens of terabytes a month for backup, these changes commonly remove $20,000 to $60,000 a year of egress.
The CDN economics
A content delivery network changes egress economics because origin pulls to the CDN are usually cheaper or free, and the CDN serves users from its edge at a lower per-GB rate than direct internet egress. For anything served repeatedly to many users, static assets, media, software downloads, and cacheable API responses, putting a CDN in front converts expensive origin egress into cheaper edge delivery and reduces the volume leaving the origin at all because the edge cache absorbs repeat requests. The saving scales with cache hit rate: a 90 percent cache hit rate means only 10 percent of requests reach the origin and incur origin egress. The CDN itself has a cost, so the analysis is the CDN fee against the avoided internet egress, but for high-traffic content the comparison almost always favors the CDN, and using the provider's own CDN keeps origin pulls inside the discounted boundary.
| Delivery path | Relative cost per GB | Best for |
|---|---|---|
| Direct internet egress | Highest | Low-volume, one-off transfers |
| Provider CDN edge delivery | Lower | Repeatedly served content |
| Private interconnect, direct connect | Lowest for steady volume | Predictable high-volume flows |
| In-region, same zone | Free or near free | Service-to-service traffic |
Measuring egress before you fix it
Egress cannot be controlled until it is measured by path, and most cost tools report it as a single aggregate line that hides where it comes from. The work that pays back is attributing egress to its source: which service, which region pair, which destination. Provider cost and usage reports, network flow logs, and detailed billing exports together let a team rank the data flows by cost and find the handful that dominate. Almost always, two or three flows account for the majority of the egress bill, and they are not the ones anyone expected, a misconfigured replica, an analytics job pulling cross-provider, or media served without a CDN. Measuring first means the engineering effort lands on the flows that matter rather than spreading thinly across the whole estate. This attribution discipline is the foundation of cloud cost optimization.
The concentration rule: Egress cost is highly concentrated. In most estates the top three data flows account for more than 70 percent of the egress bill, which means a focused fix on those three captures most of the available saving for a fraction of the effort a platform-wide redesign would take. Measure, rank, then fix the top of the list and stop when the curve flattens.
Private interconnect math
For predictable, high-volume flows, a private interconnect or direct-connect circuit prices dedicated bandwidth below metered internet egress and turns a variable cost into a fixed one. The circuit carries a fixed monthly port fee plus a reduced per-GB rate, so the economics favor it once steady egress volume passes a threshold, typically where monthly internet egress on a given path would exceed the circuit's fixed cost. A data-heavy estate moving consistent volume to an on-premise data center or a partner network often finds the interconnect cheaper within months, with the added benefits of predictable performance and a known monthly cost. The analysis is the fixed circuit cost against the metered egress it replaces at your actual volume, and it should be revisited as volume grows. The contract terms for interconnect and committed egress are part of cloud egress negotiation and the renewal framing in cloud renewal strategy.
Storage retrieval fees, the egress cousin
Egress is not the only cost charged for moving your own data; archival storage tiers add retrieval fees that behave the same way and surprise buyers who chose the cheapest storage tier without reading them. Cold and archive storage tiers price storage cheaply but charge a per-GB retrieval fee and sometimes a minimum storage duration, so data placed in archive and then retrieved sooner or more often than expected can cost more than if it had stayed in standard storage. A backup set archived to save on storage and then restored during an incident can incur retrieval fees that dwarf the storage saving. The control is to match the storage tier to the real access pattern: archive only data that is genuinely cold, and keep anything with a plausible retrieval need in a tier without retrieval penalties.
Retrieval fees compound with egress when retrieved data is then moved out of the region or the provider, stacking a retrieval charge on top of an egress charge for the same bytes. Modeling the full lifecycle cost of data, storage tier plus retrieval plus egress, rather than the storage rate alone, is what prevents the cheap-tier trap. This lifecycle view belongs in the same cloud cost optimization analysis as egress itself.
Egress and multi-cloud
Egress is the tax on multi-cloud, and any architecture that moves data routinely between providers should price that traffic explicitly before committing to the design. A multi-cloud pattern that looks resilient on a diagram can carry egress costs that erase the benefit. Where multi-cloud is a deliberate choice, the data-movement paths belong in the total cost model and the portability terms in contract terms that matter. Our cloud contract negotiation and software licensing advisory teams map egress and negotiate waivers across AWS and Google Cloud estates. The number to remember: for a data-heavy estate, egress is 8 to 15 percent of the cloud bill, and a focused effort on the top few data paths routinely removes more than half of it.