Cloud Network Cost Visibility

Network costs are the most overlooked line item on a cloud bill. They’re buried in data transfer charges, NAT Gateway fees, and cross-region replication costs that don’t show up as a single obvious service. Xplorr surfaces them in one place.

What network costs Xplorr tracks

Cost type	What it is	Typical range
Egress	Data leaving your cloud to the internet	$0.08–0.12/GB (AWS)
Inter-AZ transfer	Data moving between availability zones in the same region	$0.01/GB each direction
Cross-region transfer	Data moving between regions	$0.02–0.09/GB depending on regions
CDN (CloudFront / Azure CDN / Cloud CDN)	Content delivery network charges	$0.01–0.085/GB depending on edge location
VPN	Site-to-site and client VPN data processing	$0.04–0.05/GB
VPC peering	Data transfer across peered VPCs	$0.01/GB same-region, $0.02/GB cross-region
NAT Gateway	Data processing fees for NAT Gateways	$0.045/GB + $0.045/hr (AWS)

Per-provider breakdown

Open Network Costs from the left sidebar in the console. The view is broken down by provider:

AWS network costs — pulled from Cost Explorer, grouped by:

DataTransfer-Out-Bytes (egress)
DataTransfer-Regional-Bytes (inter-AZ)
NatGateway line items
CloudFront distribution costs

Azure network costs — pulled from cost management exports:

Bandwidth (egress)
VPN Gateway data processing
Azure CDN
Virtual network peering

GCP network costs — pulled from BigQuery billing export:

Network egress (premium vs standard tier)
Inter-region and inter-zone transfer
Cloud CDN
Cloud VPN

Top cost drivers

Xplorr ranks your network costs by spend and highlights the top drivers. The usual suspects:

NAT Gateway processing fees — by far the most common surprise. Every byte that flows through a NAT Gateway incurs a per-GB processing fee on top of the hourly charge. A single NAT Gateway processing 1.5 TB/month costs about $67.50 in processing alone, plus $32.40/month in hourly fees.
Cross-AZ traffic from service mesh or microservices — if your pods/instances talk to services in other AZs, you pay $0.01/GB in each direction. At scale, this adds up fast.
S3 egress — serving files directly from S3 to the internet without CloudFront costs $0.09/GB. A 1 TB/month download pattern costs $92/month.
Cross-region replication — RDS read replicas, S3 cross-region replication, or DynamoDB global tables all incur transfer charges.

Real-world example

A team noticed their AWS bill had a $2,100/month line item they couldn’t explain. Xplorr’s network cost view showed:

NAT Gateway — us-east-1 Hourly charges: $32.40/month (1 NAT Gateway) Data processing: $2,067/month (45.9 TB processed)

The root cause: an application was pulling container images from a public ECR registry through the NAT Gateway on every deployment, plus a monitoring agent was sending logs to an external SaaS through the NAT Gateway instead of using a VPC endpoint.

Fixes applied:

Added a VPC endpoint for ECR — eliminated image pull traffic through NAT ($800/month saved)
Added a VPC endpoint for the monitoring SaaS — eliminated log traffic through NAT ($600/month saved)
Moved S3 access to a gateway endpoint — free, no data processing charge ($400/month saved)

Total savings: $1,800/month from three VPC endpoint configurations.

How to reduce network costs

Use VPC endpoints (AWS)

VPC endpoints let traffic stay within the AWS network instead of going through a NAT Gateway or the public internet:

Gateway endpoints (S3, DynamoDB) — free, no data processing charges
Interface endpoints (ECR, CloudWatch, SQS, etc.) — $0.01/hour + $0.01/GB, but still cheaper than NAT Gateway at scale

# Create a gateway endpoint for S3
aws ec2 create-vpc-endpoint \
  --vpc-id vpc-abc123 \
  --service-name com.amazonaws.us-east-1.s3 \
  --route-table-ids rtb-abc123

Minimize cross-AZ traffic

Use topology-aware routing in Kubernetes to prefer same-AZ communication
Place read replicas in the same AZ as the application that reads from them
Use AZ-affinity settings in your load balancer target groups

Put CloudFront in front of S3

If you serve files from S3 to the internet, CloudFront’s data transfer rates are lower than S3 direct egress ($0.085/GB vs $0.09/GB for the first 10 TB), and you get caching for free.

Review NAT Gateway traffic regularly

Use VPC Flow Logs to identify what’s flowing through your NAT Gateways. The Xplorr network cost view flags NAT Gateways with high processing fees, but flow logs tell you exactly which destination IPs/ports are responsible.

Common mistakes

Running one NAT Gateway per AZ “for availability” without checking traffic. If only one AZ has significant outbound traffic, the other NAT Gateways just cost $32/month each for nothing.
Assuming VPC peering is free. Same-region peering has a $0.01/GB charge in each direction. Cross-region is $0.02/GB.
Ignoring inter-AZ charges in microservice architectures. A service-mesh with 100 requests/sec averaging 10 KB each across AZs costs roughly $52/month. Multiply by 20 services and it’s over $1,000/month.

FAQ

Does Xplorr show network costs per service? Yes. The network cost view breaks down by service — you can see how much of your EC2 bill is data transfer vs compute.

Can I get alerts on network cost spikes? Anomaly detection covers network costs. If your NAT Gateway spend suddenly doubles, you’ll get an anomaly alert.

How granular is the data? Daily granularity per service and per region. For per-resource network costs, you’ll need VPC Flow Logs — Xplorr shows the aggregated billing-level data.

Does this work for multi-account setups? Yes. Network costs are broken down per account, and you can see cross-account data transfer costs if your accounts are connected.

Key takeaways

NAT Gateway processing fees are the most common source of unexpected network costs. Audit them first.
VPC endpoints (especially S3 gateway endpoints) are free and can save hundreds per month.
Cross-AZ traffic is cheap per GB but expensive at scale in microservice architectures.
Use the Xplorr network cost view as a starting point, then dive into VPC Flow Logs for per-resource detail.