This article addresses the fact that AWS Managed NAT Gateways are expensive and provides solutions on how to save money on your AWS bill by using NAT instances and VPC endpoints.
Most customers actively use pre-production environments like staging. AWS best practices call for keeping internal services private. This means these subnets must be private too.
These services often need internet access for updates and AWS API communication. To offer this without direct exposure, you need Network Address Translation (NAT).
AWS typically suggests the utilization of managed NAT Gateway(s) for such needs. On the other hand, in the context of pre-production environments, it’s worth noting that this might not always be the most cost-efficient solution.
AWS Managed NAT Gateways are expensive
AWS Managed NAT Gateways are expensive. The high cost of NAT Gateways comes from the hourly rate and data transfer charges.
In Ireland, a NAT Gateway costs roughly $35 per month. To ensure high availability, you need a NAT Gateway in each availability zone. With six private subnets in three zones, your monthly cost is about $105.
Consider data transfer costs too. At $0.048 per GB, an application transferring 5000GB to S3 monthly costs an extra $240.
Use Terraform module to save money on AWS
Use NAT instances for lower monthly costs
You can avoid having the monthly costs of a NAT Gateway by using the following Terraform module. Note you should only use this module on pre-production environments as it is not as scalable as a NAT Gateway.
This module uses EC2 spot instances in an autoscaling group. If you want to setup a NAT instance manually make sure to disable the source / destination check as mentioned here.
You can reduce the total costs of your monthly NAT charges to around 1$ per month with this approach.
Use VPC endpoins to save money on AWS
Use VPC endpoints to save on bandwidth charges
For AWS S3 you can use a Gateway VPC endpoint. Gateway endpoints for S3 are free and there are no additional charges for using this service.
If we go back to your example of 5000GB of S3 data transfer per month, this now would be free as you do not pay any bandwidth charges.
An S3 Gateway endpoint is always advisable for all your environments. Particularly due to the fact that it spares you from the significant data transfer costs associated with S3 and a NAT gateway.