What are cloud egress fees and why do they matter?

Cloud egress fees are the per-gigabyte charges your cloud provider bills you for moving data out of their network, whether to the public internet, to another region, or to a different cloud. They are the single most overlooked line on an AWS, Azure, or Google Cloud invoice, and in 2026 they are quietly turning predictable cloud budgets into quarterly surprises across Northern NJ. We have seen Parsippany-area clients walk in expecting a $4,000 monthly cloud bill and walk out with a $9,600 one because a new analytics tool started reading from S3 every fifteen minutes. If you are not actively measuring egress, you are not actually managing your cloud spend.

This guide explains how egress is priced, where it hides, and the specific moves we make with our clients to bring it back under control.

Quick rule of thumb: if your monthly cloud bill jumps more than 15% with no change in headcount or workloads, egress is the most likely culprit. Pull the data transfer line items first, before you start tuning instance sizes.

How are egress fees actually priced?

The pricing model is simple to describe and brutal in practice. AWS, Azure, and Google Cloud each charge nothing to ingest data, charge a small fee for traffic between availability zones in the same region, charge a larger fee for traffic between regions, and charge the most for traffic leaving the cloud entirely. As of April 2026, AWS internet egress on standard tiers ranges from $0.05 to $0.09 per GB depending on volume. Azure and Google sit in roughly the same band. Inter-region transfer typically costs $0.02 per GB. Cross-AZ transfer is $0.01 per GB on most providers.

These per-gigabyte rates sound trivial. The problem is that modern workloads move terabytes without anyone noticing. A backup job replicating a 2 TB file share to a second region every night costs $1,200 per month in inter-region fees alone. An AI pipeline reading 500 GB of training data daily from object storage to a compute cluster in another region costs $300 per month. A poorly configured CDN that misses the cache 30% of the time on a video-heavy site can quietly add thousands.

The EU Data Act took effect in early 2025 and forced the hyperscalers to waive egress fees for customers fully exiting their cloud. The U.S. has no equivalent rule, and routine operational egress, the kind that hits NJ businesses every day, is still fully billable.

Where do egress fees hide on a typical cloud bill?

Five patterns account for the vast majority of surprise egress charges we find during audits.

Cross-region replication that nobody documented. A previous admin enabled cross-region S3 replication or geo-redundant storage for resilience and never told anyone. The bill grows as the data grows.

NAT Gateway traffic counted twice. AWS NAT Gateways charge per GB processed in addition to the egress fee on whatever leaves through them. Workloads pulling from public APIs, container registries, or package repositories all flow through these gateways. We have seen NAT processing fees alone exceed $2,000 per month on accounts that never noticed.

VPC endpoint gaps. If your workload can talk to AWS services through VPC endpoints but is not configured to, the traffic routes through the public internet path and gets billed accordingly. Adding a single S3 gateway endpoint is free and often eliminates 30 to 50% of egress charges immediately.

Multi-AZ database chatter. RDS Multi-AZ, Azure Zone Redundant SQL, and Google Cloud SQL HA all replicate synchronously across availability zones. The replication traffic itself is billed on most provider tiers. Larger databases with high write volume can rack up hundreds of dollars in cross-AZ fees per month.

Logging and observability stacks. Datadog, New Relic, Splunk, and even native CloudWatch Logs all egress data out of your VPC to their ingestion endpoints. A verbose logging configuration on a fleet of 50 instances will quietly transfer hundreds of GB per day.

How do we audit egress for NJ clients?

Our standard egress audit takes about a week and follows the same four steps regardless of provider.

First, we pull the last 90 days of detailed billing data and split it by data transfer SKU. AWS Cost and Usage Reports, Azure Cost Analysis, and GCP Detailed Billing all expose the line items. We rank them from largest to smallest in absolute dollars and percentage of total spend.

Second, we map each line item to a specific workload. The billing data tells us which region, gateway, or service generated the charge. From there we trace it back to an application owner. About a third of the time, the workload is one nobody remembered was still running.

Third, we model alternatives. The fix for one egress line is rarely the fix for another. We typically see a mix of cheaper architectures (VPC endpoints, CloudFront in front of S3 for repeat reads, regional consolidation), changed processes (compress backups before transfer, batch instead of stream, prune retention), and in some cases a workload move. The most common move is replicating less, not replicating to cheaper storage.

Fourth, we put alerting in place. Every cloud provider supports per-account or per-tag spending alerts. We set them at 110% and 125% of the prior month's egress total and send them to both the IT team and finance. A surprise bill is much less surprising when you get a Slack message at $50 over plan instead of $5,000 over plan.
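The first, second and fourth audit steps above can be sketched in code. This is an added example, not code from the original article: the CSV is a constructed sample that uses AWS Cost and Usage Report column names, and the usage-type-to-category map, the `app` tag and the function names are simplifying assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample shaped like a CUR export; rows, tags and amounts are invented.
SAMPLE_CUR = """\
lineItem/UsageType,resourceTags/user:app,lineItem/UnblendedCost
BoxUsage:m5.large,web,2100.00
TimedStorage-ByteHrs,backup,640.00
DataTransfer-Out-Bytes,web,910.00
USE1-USW2-AWS-Out-Bytes,backup,1200.00
NatGateway-Bytes,,450.00
DataTransfer-Regional-Bytes,db,180.00
DataTransfer-Out-Bytes,analytics,520.00
"""

# Assumed, simplified substring-to-category map; the first match wins.
CATEGORIES = [
    ("NatGateway-Bytes", "nat-processing"),
    ("DataTransfer-Regional-Bytes", "cross-az"),
    ("AWS-Out-Bytes", "inter-region"),
    ("DataTransfer-Out-Bytes", "internet-egress"),
]

def classify(usage_type):
    """Return the transfer category for a usage type, or None if it is not transfer."""
    return next((label for needle, label in CATEGORIES if needle in usage_type), None)

def rank_transfer(cur_csv):
    """Rank (category, owner) pairs by dollars, with their share of the whole bill."""
    totals, bill = defaultdict(float), 0.0
    for row in csv.DictReader(io.StringIO(cur_csv)):
        cost = float(row["lineItem/UnblendedCost"])
        bill += cost
        category = classify(row["lineItem/UsageType"])
        if category:
            # An empty tag means nobody has claimed the workload yet.
            owner = row["resourceTags/user:app"] or "UNTAGGED"
            totals[(category, owner)] += cost
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(cat, owner, round(cost, 2), round(100 * cost / bill, 1))
            for (cat, owner), cost in ranked]

def alert_thresholds(prior_month_transfer):
    """The 110% and 125% alert levels described in the fourth step."""
    return (round(prior_month_transfer * 1.10, 2), round(prior_month_transfer * 1.25, 2))

if __name__ == "__main__":
    for line in rank_transfer(SAMPLE_CUR):
        print(line)
```

Rows that come back as `UNTAGGED` are the ones to trace to an owner first, since they correspond to the workloads nobody remembered were still running.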

This kind of work is part of the broader cloud solutions practice we run for clients across Northern NJ.

What architectural changes cut egress the fastest?

Three patterns produce the biggest, most predictable savings.

Use VPC and service endpoints aggressively. Any traffic that can stay inside the cloud provider's private backbone should. AWS S3 Gateway Endpoints, Azure Private Endpoints, and Google Private Service Connect are all free or near-free, and they often eliminate the largest single line item on the bill.

Push reads to a CDN. CloudFront, Azure Front Door, and Cloud CDN all charge less for cached data than direct origin reads, and a 70 to 90% cache hit rate is realistic for most static assets. The math gets compelling quickly when you are serving any kind of media or downloadable file.

Co-locate compute and storage. The cheapest byte is the one that never leaves the rack. Workloads that read large objects repeatedly from object storage should run in the same region, ideally the same availability zone, as the data. Splitting a workload across regions for redundancy is a defensible choice. Splitting it accidentally because someone provisioned an instance in the wrong place is just an expensive mistake.
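The following check covers the VPC endpoint gap named in the list of five billing patterns and the endpoint recommendation above. It is an added example, not code from the original article: the input dictionaries mirror the fields of the EC2 DescribeRouteTables and DescribeVpcEndpoints responses, and all ids, the region and the function name are constructed for illustration.

```python
# Constructed sample data, shaped like the EC2 DescribeRouteTables and
# DescribeVpcEndpoints responses (only the fields used here). All ids are invented.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-app", "VpcId": "vpc-prod",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
    {"RouteTableId": "rtb-batch", "VpcId": "vpc-prod",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-prod",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-dev", "VpcId": "vpc-dev",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-2"}]},
]
VPC_ENDPOINTS = [
    # A gateway endpoint exists in vpc-prod but is attached to one route table only.
    {"VpcId": "vpc-prod", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway", "State": "available", "RouteTableIds": ["rtb-app"]},
    # An interface endpoint for another service does not cover S3 traffic.
    {"VpcId": "vpc-dev", "ServiceName": "com.amazonaws.us-east-1.sqs",
     "VpcEndpointType": "Interface", "State": "available", "RouteTableIds": []},
]

def s3_gateway_gaps(route_tables, vpc_endpoints, region):
    """Return (vpc_id, route_table_id) pairs that route through a NAT gateway
    but are not associated with an available S3 gateway endpoint."""
    s3_service = f"com.amazonaws.{region}.s3"
    covered = set()
    for ep in vpc_endpoints:
        if (ep["ServiceName"] == s3_service
                and ep["VpcEndpointType"] == "Gateway"
                and ep["State"].lower() == "available"):
            # A gateway endpoint only affects the route tables it is attached to.
            covered.update(ep.get("RouteTableIds", []))
    gaps = []
    for rt in route_tables:
        uses_nat = any("NatGatewayId" in route for route in rt["Routes"])
        if uses_nat and rt["RouteTableId"] not in covered:
            gaps.append((rt["VpcId"], rt["RouteTableId"]))
    return sorted(gaps)

if __name__ == "__main__":
    print(s3_gateway_gaps(ROUTE_TABLES, VPC_ENDPOINTS, "us-east-1"))
```

The check only considers gateway endpoints; a route table in a VPC that reaches S3 through an interface endpoint would still be listed and needs a manual look.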

When does egress make repatriation pencil out?

We have written about cloud repatriation in a separate post, but egress is the single number that flips the math most often. If a workload generates more than 10 TB of internet egress per month at standard rates, that is roughly $700 to $900 in transfer fees alone, on top of compute and storage. A modest colocation arrangement at one of the Parsippany or Clifton-area data centers can include 100 to 1,000 Mbps of unmetered bandwidth for a flat fee that often pays for itself within 18 months on egress alone, before factoring in any compute savings.

Repatriation is not the right answer for most workloads. Egress audits, however, almost always pay for themselves within the first month.

Frequently Asked Questions

Is data transfer between AWS regions cheaper than egress to the internet?

Yes, but not by enough to ignore. Inter-region transfer typically costs around $0.02 per GB versus $0.05 to $0.09 per GB for internet egress. At terabyte scale, $0.02 still adds up fast. Treat inter-region replication as a real cost line, not a free convenience.

Are cloud providers ever going to drop egress fees?

The EU Data Act forced limited reductions in 2025, but only for customers fully exiting a cloud. Inside the cloud, providers compete on compute and storage prices and quietly leave egress alone because it creates lock-in. Do not plan around fee cuts. Plan around your own architecture.

How often should we audit egress?

Quarterly at minimum, and after any significant architectural change. New analytics tools, new backup configurations, new monitoring agents, and new third-party integrations are the four most common triggers for an unexpected egress jump. Building a quick monthly review into your IT operations cadence catches problems before they show up on a CFO's desk.