Domain 4 of 4 · Chapter 4 of 4

Cost-Optimized Network


Included in this chapter:

  • NAT Gateway cost optimization: per-AZ deployment vs central NAT
  • VPC Endpoint billing breakdown: hourly + per-GB processed
  • CloudFront egress pricing tiers and price classes
  • Worked example: cutting a $4k/month NAT bill in half with Gateway Endpoints
  • Cross-region replication frequency tradeoffs

Decision tree

Where does traffic go?

  • To AWS service: S3 or DynamoDB?
      • Yes: Gateway Endpoint (free, S3/DDB only)
      • No: Interface Endpoint (per-hour + per-GB)
  • To internet: Cacheable content?
      • Yes: CloudFront (lower egress + cache)
      • No: NAT Gateway (consolidate per-AZ)
  • Cross-AZ: Co-locate workload in same AZ when possible

Always: VPC peering ≠ free across AZs; inter-AZ = $0.01/GB both ways

Cheat sheet

  • Egress dominates — keep traffic on the AWS backbone
  • Cache at the edge and minimize cross-AZ
  • Gateway Endpoints are FREE — Interface Endpoints have a per-hour charge
  • NAT Gateway costs: per-hour + per-GB processed + egress
  • Inter-AZ data transfer: charged BOTH WAYS
  • CloudFront egress is typically cheaper than EC2 egress
  • CloudFront price classes: 100 / 200 / All
  • Direct Connect Data Transfer Out (DTO) is much cheaper than internet

