AWS: Cost optimization – services expenses overview and traffic costs in AWS

By | 11/03/2021
0 Comment
 

Let’s proceed with our journey on AWS Cost Optimization topics. Previous parts – AWS: Cost Explorer – costs checking on the CloudWatch Logs example and AWS: cost optimization – purchasing RDS Reserved Instances.

One of the shortcomings of the cloud-based architecture is the fact, that it can cost much more than when using own bare-metal servers. With this, cloud-providers can have a confusing billing scheme, where you’ll pay for resources used, traffic, and so on.

So, in this post, we will try to understand – for what are paying when using Amazon Web Services, and in the following parts will check useful AWS services to control and optimize AWS environments with Cost Explorer, Trusted Advisor, Compute Optimizer, AWS Budget, etc.

Costs categories on AWS

All costs can be splitter into three main groups – Compute, Storage, and Data Transfer:

  • Compute: charges for the rent of used  CPU and RAM capacity, a price depends on a used instance type
  • Storage: charges for the data stored
  • Data transfer: in most cases inbound traffic or traffic between services in the same AWS Region is free, but with exclusions. Actually, the traffic costs on AWS will be described in detail in the AWS Data Transfer Costs part of this post UPDATE

And I’d add another category for Data processing: this will include charges for HTTP(S) requests and data processing by an AWS service.

Knowing these categories, it will be easy to understand for what do you pay on AWS.

Let’s take a closer look with service examples:

  • Compute:
    • instance usage time (EC2, RDS, Redshift)
    • serverless computes (Lambda)
    • CPU credits usage for T-family instances (the “T2/T3/Т4 Unlimited mode“) (EC2, RDS, Redshift)
    • payment type – On Demand, Spot, Reserved, etc (EC2, RDS)
    • deployment type – one or multi-availability zones (RDS)
    • instance type and its CPU and RAM capacity
  • Storage:
    • Elastic Block Store (EBS):
      • a number of read/write operations
      • data storage used
      • data transfer
      • snapshots store (by the S3 price)
      • disk type – SSD, HDD
    • Simple Store Service (S3):
      • storage type (Standard, Infrequently-Accessed, Glacier)
      • number of objects stored
  • Data transfer:
    • data sent (NAT Gateway, LoadBalancer, EC2/EBS, S3)
  • Data processing:
    • a volume of received and/or processed data (Kinesis, CloudWatch Logs)
    • a number of processed HTTP(S) requests(CloudFront, API Gateway)

Also, we are charged for additional costs for the:

  • API requests to the AWS API (CloudWatch metrics collect, CloudTrail events)
  • AWS Marketplace licenses
  • and additional charges specific for an AWS Service like a number of rules in AWS WAF WebACL, that affects WAF charges, RDS Insights, extended CloudWatch monitoring for EC2, and so on

AWS Services payment table

Let’s collect main AWS services to a table to see for what we are paying for when using a Service:

AWS service Compute Storage Data transfer Data processing Comments
EC2 – per-minute on running instances – see EBS – outbound data transfer – price depends on the pricing model (On-Demand, Reserved, Spot, Saving Plan)
EBS – per GB stored on EBS
– snapshots store (in S3) per GB
– I/O operations		 – snapshots transfer to AWS S3 (if cross-region) – per MB/s (for gp3) – price depends on an EBS type (SSD-backed, HDD-backed)
– EBS snapshots store charged
RDS – per-minute on running instances – per GB stored
– I/O operations
– backups (snapshots) storage		 – snapshots export to S3
– outbound data transfer		 – price depends on a Single or Multi-AZ deployment model
– cross-AZ replication data transfer is free
S3 – per GB stored
– per objects number stored		 – outbound data transfer – requests number (PUT, COPY, POST, etc)

– additional management like S3 inventory, analytics, objects tagging

 – depends on Storage Class (S3 Standard, S3 Glacier, etc)
– data transfer is free between S3 buckets in the same AWS Region
– data transfer is free from an S3 to an AWS Service in the same AWS Region
CloudFront – data transfers out from edge locations to the Internet
– data transfers out from edge locations to an origin		 – number of HTTP or HTTPS requests – the price depends on Price Class (Price Class All, Price Class 200, Price Class 100)
Lambda – per seconds of used compute time during functions executing
– number of function invocations
– memory used
– provisioned concurrency		 – AWS Region outbound data transfer – data transfer is free between Lambda and some AWS Services

AWS Data Transfer Costs

And let’s discuss the most interesting topic: for what are we paying when sending traffic on AWS?.

As a general rule, traffic on AWS can be divided into two parts – between Amazon Web Services and the Internet, and inside of the AWS network. Also, traffic price can be different depending on its direction – into the same or another Availability Zone, AWS VPC, or an AWS Region.

So, just keep in mind that:

  • all outbound traffic will be charged for all services that have an Elastic Network Interface (EC2, ALB)
  • all cross-availability zone traffic
  • all cross-region traffic

AWS Data Transfers over the Internet

Inbound traffic from the Internet into AWS

Almost all incoming traffic from the Internet to the AWS Cloud is free of charge.

And vise versa – almost all outbound traffic will cost us some money.

Outbound traffic from the AWS Cloud to the Internet

Outgoing traffic from an AWS account to the Internet will be billed by an AWS Region price as they are varied. See the Amazon EC2 On-Demand Pricing > Data TransferData Transfer IN To Amazon EC2 From Internet and Data Transfer OUT From Amazon EC2 To Internet.

Also, when AWS will charge you for the outgoing traffic, it will summarize outbound traffic from the following services in your account:

  • Amazon RDS
  • Amazon Redshift
  • Amazon SES
  • Amazon SimpleDB
  • Amazon EBS
  • Amazon S3
  • Amazon Glacier
  • Amazon SQS
  • AWS Storage Gateway
  • Amazon SNS
  • Amazon DynamoDB
  • Amazon CloudWatch Logs

Data Transfer Costs inside of the AWS Cloud

Inter-Region data transfers

Data transfer between AWS Regions will be charged by the price of the source region. In the same table on the Amazon EC2 On-Demand Pricing > Data Transfer page in the Data Transfer OUT From Amazon EC2 To you can see a price for each region.

For example, we have an S3 bucket in the us-east-2, Ohio, and it has S3 replication configured to a bucket in the us-west-1, N. California, see the AWS: S3 Cross-Region Replication with DeleteMarkers set up for more details.  In that case, we will be charged by the price of the us-east-2, Ohio.

Data transfers between AWS Regions and Direct Connect locations

Although the main rule is that incoming traffic is free, for the Direct Connet there is an exclusion, as its incoming traffic will be charged, and depends on the source and target region’s prices. See Data transfer out (DTO) pricing for AWS Direct Connect.

For example, data transfer from Ohio to a Direct Connection in N. California will cost $0.0200 per GB, and from Ohio to Ireland, eu-west-1 – $0.0282 per GB sent.

Data transfers between CloudFront Edge locations and AWS Regions

Edge locations for CloudFront are AWS data centers to store information obtained from origins.

Here, we are paying for the:

  1. data transfer from Edge locations to the Internet
  2. data transfer from Edge locations to origins
  3. a number of HTTP(S) requests processed

And again – the price will depend on the source and target region, see more at Amazon CloudFront Pricing.

AWS Data transfer inside on an AWS Region

When AWS services communicate in the bound of the same AWS Region, some traffic can be charged as well.

  • data transfer between Amazon EC2, AWS containers, Amazon RDS, Amazon Redshift, Amazon DynamoDB Accelerator (DAX), Amazon ElastiCache instances, or Elastic Network Interfaces between different Availability Zones, whether it was sent over a public or private IP, or using Elastic IPv4, will cost $0.01 per GB in both directions

For example, we are sending 500 GB from a Redshift cluster in a VPC-1 to an EC2 instance in the same VPC, but neighboring Availability Zone – in that case, we will be charged $5 for the outgoing traffic from the VPC-1, and another $5 for the incoming traffic to the VPC-2.

  • data transfer between EC2 instance, containers, or Elastic Network Interfaces in the same Availability Zone VPC using a Public IP or Elastic IP will cost $0.01 per GB in each direction

If you have two EC2, each with its own Elastic IP attached – then we will be charged for the data transfer.

  • data transfer between EC2 instances, containers, or Elastic Network Interfaces in the same Availability Zone and the same VPC using private IP is free of charge

Here is simple enough: use only Private IPs inside of a VPC, do not pass the AZ-borders – and you’ll pay nothing.

  • data transfer between AWS services that can not be bounded by an Availability Zone or VPC (such as AWS S3, DynamoDB, SES, Kinesis, etc) and EC2 instances or other services in the same AWS Region is free of charge

Also, some cross-AZ traffic is free for services that use multi-AZ deployments, such as Amazon Aurora, Amazon Neptune, and Amazon RDS.

Also, traffic between Classic or Application Load Balancer and EC2 in the same AWS Region is free.

AWS traffic billing map

During a lot of googling while writing this post, I didn’t get something similar to a map with an illustrative demonstration on the AWS traffic charges. The only thing I’ve found is the Overview of Data Transfer Costs for Common Architectures on AWS Blogs.

So, on the scheme below I’ve tried to demonstrate which traffic will be billed on AWS:

Let’s check it step-by-step starting from an “entry point” – the Load Balancer in the Region-1 and AZ-1.

Region-1, Availability Zone-1:

  1. LoadBalencer incoming traffic is charged (because LCU includes bytes processed)
  2. then, the traffic if going from the ALB to an EC2 – and it’s free
  3. EC2 sends responses via a NAT Gateway, during this data transfer between this EC2 and NAT GW is free, but NAT GW’s outgoing traffic will be billed
  4. EC2 sends data to a CloudFront Edge Location in the same AWS Region, and this is free, but sending data from CloudFront to visitors is billed
  5. data traffic from CloudFront Edge Locations to EC2 will be billed
  6. data transfer between EC2 and an S3 in the same region is free
  7. EC2 via a VPC peering connection talks to an RDS Master instance in the sane AZ – and this is also free
  8. EC2 via a VPC peering connection talks to an RDS Slave in another AZ – this will be billed (cross-AZ)
  9. replication traffic between RDS Master and its RDS Slave in the same AWS Region is free

Region-1, Availability Zone-2:

  1. data traffic from the EC2 in the AZ-2 to the EC2 in the AZ-1 is charged as it is cross-AZ traffic
  2. traffic between EC2 and RDS Slave in the AZ-2 is free
  3. but traffic from the EC2 and RDS Master will be billed, as again it’s cross-AZ

Region-2, Availability Zone-3:

  1. outgoing traffic from the EC2 in this Region to the EC2 in the Region-1 will be billed, as this is the cross-region transfer
  2. outgoing traffic from the EC2 in this Region to the S3 bucket in the Region-1 will be billed, as this is the cross-region transfer

AWS traffic advice

  • try to keep all your workloads in the same AWS Region, and if will need to use another – choose a one with the lowest price
  • try to keep all your workload in the same Availability Zone and VPC, and to use private IPs for connections
  • avoid using NAT Gateways as it’s billed by the outgoing traffic. Where it’s possible – use Internet Gateways instead
  • use CloudFront if you need to send data to users – it will be faster and cheaper in bills, than if sending traffic directly from an EC2 instance

Useful links