The $0.045/GB NAT Gateway tax
NAT Gateway can cost more than the egress itself. $0.045/GB processing plus $0.045/hr per gateway. A 10 TB / month workload pays $483/month in NAT fees alone, on top of standard internet egress. Use the calculator for base rates, then add these for the real total.
NAT Gateway Pricing Breakdown
NAT Gateway has three cost components: an hourly charge for each gateway, a per-GB processing fee on all data, and cross-AZ transfer charges if traffic crosses availability zone boundaries. All three are separate from internet egress fees.
NAT Gateway Cost at Scale
Here is what a single NAT Gateway costs at different monthly data volumes, including cross-AZ charges. These are NAT Gateway fees only, not including the internet egress charges that apply on top.
| Monthly Volume | Processing Fee | Hourly Fee | Cross-AZ | Total NAT Cost | Effective Rate |
|---|---|---|---|---|---|
| 1 TB | $45 | $32.85 | $10 | $88 | $0.088/GB |
| 5 TB | $225 | $32.85 | $50 | $308 | $0.062/GB |
| 10 TB | $450 | $32.85 | $100 | $583 | $0.058/GB |
| 50 TB | $2,250 | $32.85 | $500 | $2,783 | $0.056/GB |
| 100 TB | $4,500 | $32.85 | $1,000 | $5,533 | $0.055/GB |
Cross-AZ column assumes traffic originating from a different AZ than the NAT Gateway. Source: AWS VPC Pricing. Verified April 2026.
NAT Gateway Alternatives Comparison
There are several alternatives to managed NAT Gateway, each with different cost, throughput, and management trade-offs. The right choice depends on your traffic volume and reliability requirements.
| Alternative | Cost | Throughput | Availability | Best For |
|---|---|---|---|---|
| NAT Gateway (managed) | $0.045/GB + $0.045/hr | Up to 100 Gbps | High (multi-AZ with Regional) | Production workloads needing high throughput and reliability |
| NAT Instance (t3.nano) | ~$3.80/mo (no per-GB fee) | Up to 5 Gbps | Single instance (manual HA) | Dev/staging, low-traffic workloads, cost-sensitive environments |
| fck-nat (open source) | ~$3.80/mo (t3.nano) | Up to 5 Gbps | Auto-healing with ASG | Cost-sensitive production, teams comfortable with open source |
| IPv6 (dual-stack) | $0 (no NAT needed) | Unlimited | Native (no SPOF) | Internet-facing workloads, new architectures, long-term cost reduction |
| VPC Gateway Endpoints | $0 (S3 + DynamoDB only) | Unlimited | Managed by AWS | S3 and DynamoDB traffic (should always be enabled) |
| VPC Interface Endpoints | $0.01/GB + ~$0.01/hr | Up to 100 Gbps | Managed per-AZ | AWS service traffic (SQS, SNS, CloudWatch, ECR, etc.) |
Step-by-Step NAT Gateway Optimization Guide
Follow these six steps in order to systematically reduce or eliminate NAT Gateway costs. Start with the easiest wins and progress to architectural changes.
Enable VPC Gateway Endpoints for S3 and DynamoDB
EasyEliminates all NAT processing for S3/DynamoDB traffic
Gateway Endpoints are free and take minutes to configure. They route S3 and DynamoDB traffic over the AWS backbone, completely bypassing NAT Gateway. There is zero downside and zero cost. This should be the first thing you do in every VPC.
Audit NAT Gateway traffic with VPC Flow Logs
EasyIdentifies traffic that can be redirected
Enable VPC Flow Logs on your NAT Gateway ENI to see exactly what traffic is flowing through it. Common findings: S3 traffic that should be using Gateway Endpoints, AWS API calls that can use Interface Endpoints, and external monitoring agents that can use VPC endpoints instead.
Deploy Interface Endpoints for high-traffic AWS services
Medium$0.035/GB net savings per service (NAT $0.045 - Endpoint $0.01)
For AWS services you call frequently (CloudWatch, ECR, SQS, SNS, KMS), Interface Endpoints cost less than routing through NAT Gateway. Calculate break-even: the hourly cost of an Interface Endpoint (~$21.90/mo per AZ) is recovered if the service generates more than ~650GB/month of traffic.
Evaluate Regional NAT Gateway
MediumUp to 66% reduction in hourly costs + eliminates cross-AZ charges
Regional NAT Gateway serves multiple AZs from a single gateway, reducing from 3 gateways to 1 in a standard 3-AZ deployment. This eliminates $65.70/month in hourly charges and removes cross-AZ transfer fees for NAT traffic. The per-GB processing fee still applies.
Adopt IPv6 for internet-facing workloads
Medium100% NAT elimination for IPv6 traffic
IPv6 addresses are publicly routable, eliminating the need for NAT entirely. AWS supports dual-stack VPCs, ALBs, and most services. The main challenge is ensuring all clients support IPv6. For internal services and APIs, this provides immediate NAT cost savings with no per-GB charges.
Use NAT Instances or fck-nat for non-production
Easy~90% reduction for dev/staging environments
Development and staging environments rarely need the throughput or HA of managed NAT Gateway. A t3.nano NAT Instance costs $3.80/month with no per-GB fee. fck-nat is an open-source alternative that provides auto-healing via Auto Scaling Groups. Both save hundreds of dollars per month per environment.
Related Guides
Frequently Asked Questions
How much does AWS NAT Gateway cost per month?
AWS NAT Gateway costs $0.045 per hour (approximately $32.85/month) plus $0.045 per GB of data processed. At 10TB/month, the total cost is approximately $483/month ($32.85 hourly + $450 processing). At 50TB/month, it is approximately $2,283/month. If traffic crosses AZ boundaries to reach the NAT Gateway, add another $0.01/GB. These charges are in addition to standard internet egress fees.
What is the difference between NAT Gateway and NAT Instance?
NAT Gateway is a managed AWS service that provides high availability and scales automatically up to 100 Gbps. NAT Instance is a self-managed EC2 instance running NAT software. NAT Gateway costs $0.045/GB + $0.045/hr, while a NAT Instance (t3.nano) costs approximately $3.80/month with no per-GB processing fee. NAT Instances are dramatically cheaper for low-to-medium traffic but require manual management, do not auto-scale, and have lower throughput limits.
What is Regional NAT Gateway and how does it save money?
Regional NAT Gateway, introduced in 2025, allows a single NAT Gateway to serve multiple Availability Zones within a region. Previously, you needed one NAT Gateway per AZ for high availability, costing $32.85/month each. Regional NAT Gateway reduces this to a single gateway, cutting fixed costs by up to 66 percent in a 3-AZ deployment while eliminating cross-AZ charges for NAT traffic. The per-GB processing fee ($0.045/GB) still applies.
How can I eliminate NAT Gateway costs on AWS?
The most effective strategies are: enable VPC Gateway Endpoints for S3 and DynamoDB traffic (free, eliminates all NAT processing for these services); use Interface Endpoints for other AWS services like SQS, SNS, and CloudWatch; adopt IPv6 for internet-facing workloads (eliminates NAT entirely); and use fck-nat or NAT instances for development and staging environments where high availability is less critical.
Does NAT Gateway charge on top of internet egress fees?
Yes. NAT Gateway processing fees are entirely separate from and additive to internet egress charges. If you send 10GB through a NAT Gateway to the internet, you pay $0.045/GB NAT processing ($0.45) plus $0.09/GB internet egress ($0.90) for a total of $1.35. If the NAT Gateway is in a different AZ, add another $0.01/GB cross-AZ charge ($0.10). The effective cost of internet egress through a NAT Gateway is $0.135-0.145/GB, not the headline $0.09/GB.
Prices verified from AWS VPC Pricing. Last verified April 2026.