List-price math only. Real bills can be cut 30 to 70 percent by routing S3 traffic through a VPC Gateway Endpoint and fronting public buckets with CloudFront. The deep audit models your actual S3 access logs and ranks which buckets to re-route first.
| Line item | Math | Monthly |
|---|---|---|
| — | ||
| Destination | Rate | Notes |
|---|---|---|
| Internet, first 100 GB / mo | Free | Account-wide free tier across all AWS data transfer out. |
| Internet, next 9.999 TB | $0.09 / GB | Tier 1 — most teams sit entirely in this band. |
| Internet, next 40 TB | $0.085 / GB | Tier 2 kicks in above 10 TB / mo. |
| Internet, next 100 TB | $0.07 / GB | Tier 3. |
| Internet, over 150 TB | $0.05 / GB | Tier 4 — at-scale workloads should still front with CloudFront for caching. |
| Cross-region (any to any) | $0.02 / GB | Flat. Replication, cross-region GETs. |
| Same region via VPC endpoint | Free | Gateway Endpoint costs nothing; only S3 request fees apply. |
| Same region to AWS service | Free | EC2/Lambda/Athena pulling from S3 in the same region. |
| S3 to CloudFront origin | Free | The hop from S3 to CloudFront does not incur S3 egress. |
One-page checklist of the biggest S3 egress levers — VPC Gateway Endpoints, CloudFront fronting, regional bucket placement, multi-part download patterns to avoid, S3 Requester Pays, intelligent-tiering eviction traps, and the cross-region replication mistake that doubles every byte. PDF sent to your inbox.
internet_egress = max(0, gb - 100) capped per tier × tier rate
Example: 1,000 GB of internet egress in the default scenario = first 100 GB free + 900 GB × $0.09 = $81.00 per month. Push the same 1,000 GB to CloudFront and the S3 hop is $0 but CloudFront charges its own tier-1 rate of $0.085 — so $76.50 per month, plus you get caching. Push it through a VPC Gateway Endpoint to an EC2 worker in the same region and the cost is $0.
Scale to 50 TB of monthly internet egress and the same path becomes the first 100 GB free + 9,999.9 GB × $0.09 + 40,000 GB × $0.085 = $899.99 + $3,400 = $4,299.99 per month. Same workload via CloudFront drops to roughly $850 + $2,400 = $3,250 — a $1,000 monthly delta plus the cache hit ratio cutting origin reads further.
Storage is cheap; bandwidth out of AWS is not. The egress fee covers backbone-network capacity and the cross-connects AWS pays for at internet exchange points. Inbound transfer to S3 is free because every cloud subsidizes ingestion — they want your data on their disks. Once it is there, getting it back out is where the bill compounds. The egress line surprises teams more than storage itself, because storage scales with what you put in but egress scales with how often you read it.
S3 traffic from inside a VPC normally hits the public internet via an internet gateway or NAT, which incurs egress fees and NAT processing. A VPC Gateway Endpoint adds a private route from your VPC to S3 over the AWS backbone. The endpoint is free and there are no per-GB charges as long as the bucket is in the same region as the VPC. For data-heavy compute, this single change typically removes 30 to 70 percent of monthly NAT and egress charges. Same applies to DynamoDB.
Almost always for internet-facing workloads. S3 to CloudFront is free. CloudFront's egress tiers match S3's at the top tier ($0.085/GB North America for the first 10 TB) but drop faster at scale ($0.060 at 50 TB, $0.040 at 150 TB, $0.020 at 5 PB). For any workload over a few TB per month going to end users, fronting S3 with CloudFront beats direct egress on price AND gives you caching. The exception is one-off bulk downloads with no repeat-read pattern, where cache miss rate eliminates the caching benefit.
Data transfer IN to S3 — uploads, replication, anyone pushing bytes into your bucket — is free. AWS does not charge for ingestion. Data transfer OUT is what creates the bill, and OUT means leaving the AWS region or leaving AWS entirely. A GET from EC2 in the same region via a VPC endpoint is OUT zero. A GET from EC2 in a different region is OUT $0.02 per GB cross-region. A GET from a browser somewhere on the internet is OUT to internet at tiered pricing starting at $0.09 per GB. The destination determines the rate; the source is always your bucket.
No. Transfer volumes, destination selections, and rate math run locally in your browser. The page fires an anonymous pageview beacon and CTA-click events so we can measure whether the calculator is useful — no inputs, no email (unless you submit one to the cheat-sheet form), no IP stored raw.