AWS NAT Gateway cost calculator

Why NAT shows up in audits so often

NAT Gateway is the AWS service teams budget least and overspend most. The hourly fee is small. The per-GB processing fee is what gets you. Every byte your private subnets push through NAT, regardless of destination, is metered.

The fix is rarely a single change. It is a route-table audit, a VPC endpoint rollout, and a small Terraform diff that nobody scheduled. We do it as part of the 14-day audit and hand the engineer a one-page playbook.

Frequently asked

• Why is NAT Gateway often a top-three line item?

  Every workload in a private subnet that touches the internet routes through NAT, including container image pulls, package updates, and SaaS API calls. The data-processing fee charges per GB regardless of destination, so a single misconfigured route can ship internal traffic through NAT and double the bill overnight.

• What is the typical regional rate?

  In most US regions the NAT Gateway hourly rate is around $0.045 per hour and the data-processing rate is $0.045 per GB. Europe and Asia regions sit slightly higher. Override the defaults if you have a Private Pricing Agreement with different rates.

• How do I reduce NAT cost without breaking workloads?

  Use VPC endpoints for AWS-native traffic so S3, DynamoDB, ECR, and SSM bypass NAT entirely. Route same-region traffic through internal endpoints rather than public DNS. Audit egress patterns for cross-AZ chatty workloads that should run in a single AZ.