12 strategies to reduce cloud egress costs

Eliminates 100% of NAT processing for these services

VPC Gateway Endpoints are free and route S3/DynamoDB traffic over the AWS backbone, completely bypassing NAT Gateway. This eliminates the $0.045/GB NAT processing charge for what is often your highest-volume traffic. Every VPC should have these enabled. Configuration takes less than 5 minutes via the console or a single CloudFormation/Terraform resource. No code changes required.

S3 to CloudFront is free + lower egress rates

CDN egress is cheaper than direct origin egress on all major providers. On AWS, S3 to CloudFront transfer is completely free, and CloudFront to internet is $0.085/GB versus $0.09/GB for direct S3 egress. More importantly, cached content at edge locations reduces origin traffic dramatically. A well-configured CDN with 80% cache hit rate reduces origin egress by 80%. For static assets, this is the single most impactful change after VPC endpoints.

30-70% data volume reduction

Enable compression on all text-based responses (HTML, CSS, JS, JSON, XML, CSV). Brotli achieves 15-25% better compression than gzip. On AWS, CloudFront supports automatic compression. On API endpoints, enable response compression in your application framework. For a workload serving 10TB/month of compressible content, brotli compression typically reduces actual bytes to 3-4TB, saving $540-630/month at AWS rates. Zero infrastructure changes required, just configuration.

100% egress elimination for storage workloads

Cloudflare R2 provides S3-compatible storage at $0.015/GB/month with zero egress fees. For workloads where egress is the primary cost driver (media serving, static assets, API responses from stored data), migrating to R2 eliminates the egress line item entirely. R2 uses the S3 API, so migration is often just changing an endpoint URL. At 10TB/month egress, switching from S3 to R2 saves approximately $900/month. The tradeoff is a less mature ecosystem and fewer features than S3.

$0.035/GB net savings per service vs NAT Gateway

Interface Endpoints for AWS services (SQS, SNS, CloudWatch, ECR, KMS, etc.) cost $0.01/GB + ~$21.90/month per AZ. Compared to routing through NAT Gateway ($0.045/GB), you save $0.035/GB on every byte. The break-even point is approximately 650GB/month per service in a single-AZ setup. For high-traffic services like ECR image pulls or CloudWatch metric submission, the savings are significant.

Up to 66% reduction in NAT Gateway fixed costs

Regional NAT Gateway serves multiple AZs from a single gateway, reducing from 3 gateways ($98.55/month hourly) to 1 ($32.85/month hourly) in a standard 3-AZ deployment. It also eliminates cross-AZ charges for NAT traffic. The per-GB processing fee ($0.045/GB) still applies. Best for workloads where NAT Gateway fixed costs are a significant portion of the bill.

$0.02/GB round trip eliminated

Cross-AZ transfer costs $0.01/GB each way ($0.02/GB round trip). Strategies include AZ-aware load balancing (prefer same-AZ backends), co-locating tightly coupled services, using AZ-local caches, and reducing chatty inter-service communication. This requires architectural changes but can save hundreds of dollars monthly for high-traffic internal services.

100% NAT elimination for IPv6 traffic

IPv6 addresses are publicly routable, eliminating the need for NAT entirely. AWS supports dual-stack VPCs, ALBs, EC2, Lambda, and most services. For internet-facing workloads, IPv6 provides immediate NAT cost savings with no per-GB charges. The main challenge is ensuring all clients support IPv6. A phased rollout starting with internal services is recommended.

50-80% reduction in origin requests

Implement caching at every layer: browser caching with appropriate Cache-Control headers, CDN caching at edge locations, Redis/ElastiCache for application-level caching, and API response caching. Each cache layer reduces the number of origin requests and therefore egress bytes. A well-implemented caching strategy can reduce origin traffic by 80% or more for read-heavy workloads.

10-25% discount on per-GB rates

At high volumes (typically 50-100TB+/month), cloud providers offer negotiated discounts. AWS Enterprise Discount Programs (EDP), Azure MACC, and GCP CUDs can reduce egress rates by 10-25%. Contact your cloud provider account manager or partner for specific thresholds. Even without formal programs, requesting a private pricing agreement is worth attempting at volumes above 20TB/month.

$0.02/GB vs $0.09/GB to on-premises

AWS Direct Connect egress costs $0.02/GB versus $0.09/GB for internet egress, a 78% reduction per GB. Azure ExpressRoute metered plans charge $0.025/GB. The port fees ($0.30/hr for 1Gbps Direct Connect) are recovered quickly at high volumes. The break-even point for a 1Gbps Direct Connect is approximately 2.5TB/month. For organisations transferring significant data between cloud and on-premises, this is one of the largest per-GB savings available.

Variable but potentially 30-50% overall reduction

Process data where it lives. Move computation to data rather than moving data to computation. Use edge compute (CloudFront Functions, Lambda@Edge, Cloudflare Workers) to process data at the edge rather than pulling it to a central region. Deploy read replicas in the same region as users. Use regional event processing instead of centralised pipelines. This requires the most architectural investment but delivers the largest long-term savings.

How much can I realistically save on cloud egress?

Most organisations can reduce egress costs by 40 to 80 percent by implementing the strategies in this guide. Quick wins like VPC Gateway Endpoints and CDN deployment typically save 20 to 30 percent with minimal effort. Migrating egress-heavy storage to Cloudflare R2 can eliminate storage egress entirely. The exact savings depend on your architecture, but every organisation has low-hanging fruit. A typical SaaS with a $4,300/month egress bill can often reduce it to $1,200-2,500/month.

What is the easiest way to reduce AWS egress costs?

The easiest and highest-impact change is enabling VPC Gateway Endpoints for S3 and DynamoDB. This is free, takes minutes to configure, and immediately eliminates NAT Gateway processing fees ($0.045/GB) for traffic to these services. The second easiest change is deploying CloudFront in front of S3 content, since S3 to CloudFront transfer is free. Both changes require minimal code changes and can be implemented in a single afternoon.

Is Cloudflare R2 a good replacement for S3?

Cloudflare R2 is an excellent replacement for S3 in egress-heavy use cases. R2 charges zero egress fees, uses the S3-compatible API, and costs $0.015/GB for storage. For a workload serving 10TB/month from storage, switching from S3 to R2 saves approximately $900/month in egress fees. R2 does have limitations compared to S3: fewer lifecycle policies, no cross-region replication, and a smaller ecosystem. But for static asset serving, media delivery, and backup storage, R2 is often the clear winner.

How does data compression reduce egress costs?

Data compression reduces the number of bytes transferred, directly lowering egress charges. Gzip typically achieves 60 to 80 percent compression on text-based content (HTML, CSS, JS, JSON, XML). Brotli achieves 15 to 25 percent better compression than gzip. For a workload transferring 10TB/month of API responses, enabling Brotli compression could reduce actual bytes transferred to 2-4TB, saving $540-720/month on AWS. CloudFront supports both gzip and Brotli natively.

Can I negotiate lower egress rates with cloud providers?

Yes, at scale. AWS Enterprise Discount Programs (EDP), Azure Microsoft Azure Consumption Commitments (MACC), and GCP Committed Use Discounts (CUDs) can reduce egress rates by 10 to 25 percent for high-volume customers. Typically, you need to commit to minimum monthly spend levels. AWS Private Pricing agreements at 100TB+/month can achieve significant per-GB discounts. Contact your cloud provider account manager for specific thresholds and discount levels.