Most engineers searching for "internet gateway cost" expect to find an hourly or per-GB fee. The answer surprises them:
The costs on your bill come from the data transfer flowing through the gateway — not the gateway itself. Understanding this distinction is what makes AWS networking costs confusing for most teams.
What Internet Gateway Actually Is (and Isn't)
An Internet Gateway (IGW) is a horizontally-scaled, redundant AWS-managed component that allows communication between your VPC and the internet. AWS doesn't charge for the gateway because it doesn't provision dedicated hardware for you — it's shared infrastructure.
What AWS does charge for is the EC2 data transfer that flows through the gateway. That charge is billed against the EC2 service, not the VPC service, which is why it doesn't show up as "Internet Gateway" on your bill.
Internet Gateway Pricing: The Real Numbers
| Component | Cost | Notes |
|---|---|---|
| Internet Gateway (IGW) | $0.00 | No hourly charge, no per-GB charge |
| EC2 egress to internet (0–10 TB/mo) | $0.09/GB | us-east-1 rate |
| EC2 egress to internet (10–50 TB/mo) | $0.085/GB | Volume discount kicks in |
| EC2 egress to internet (50–150 TB/mo) | $0.07/GB | |
| Inbound from internet | $0.00 | Ingress is always free |
On your AWS bill these charges appear as DataTransfer-Out-Bytes under the EC2 service, not under VPC. This is the source of the confusion — you're looking for an internet gateway line item that doesn't exist.
Internet Gateway vs NAT Gateway: Cost Comparison
This is where many teams get confused. Both gateways handle internet traffic, but they serve different purposes and have very different cost structures.
| Internet Gateway | NAT Gateway | |
|---|---|---|
| Gateway hourly fee | $0 | $0.045/hr ($32.85/mo) |
| Data processing fee | $0 | $0.045/GB |
| Data transfer (egress) | $0.09/GB | $0.09/GB (via EC2) |
| Used by | Public subnets (EC2 with public IP) | Private subnets |
| Cost for 1 TB internet egress | $92.16 | $138.24 ($46.08 NAT + $92.16 egress) |
Where Internet Egress Costs Come From in Practice
Internet egress through an IGW is charged to the EC2 instance sending the traffic. Common sources that appear on bills:
- EC2 instances in public subnets serving web traffic to users
- Application Load Balancers responding to client requests
- EC2 downloading from the internet — package managers, Docker pulls from Docker Hub, GitHub
- S3 via IGW — if your S3 buckets are public or you haven't added a VPC endpoint, S3 traffic from private subnets goes through NAT and then out via IGW
The last point is critical. S3 is the most common hidden source of internet egress cost. When EC2 in a private subnet calls S3 without a VPC endpoint, the traffic goes: EC2 → NAT Gateway → Internet Gateway → S3. You pay both NAT processing and EC2 egress, even though S3 is an AWS service.
How to Find Your Internet Egress Cost
In AWS Cost Explorer, filter by Service = "EC2" and Usage Type = "DataTransfer-Out-Bytes". This shows total egress. To find which instances are responsible, you need VPC Flow Logs:
# Find top egress sources by IP
SELECT srcaddr, sum(bytes)/1073741824.0 as gb
FROM vpc_flow_logs
WHERE year='2026' AND month='06'
AND action='ACCEPT'
AND dstaddr NOT LIKE '10.%'
AND dstaddr NOT LIKE '172.16.%'
AND dstaddr NOT LIKE '192.168.%'
GROUP BY srcaddr
ORDER BY gb DESC
LIMIT 20;This query filters to internet-destined traffic (excluding RFC 1918 private ranges) and shows your top 20 egress sources by GB. The srcaddr values are the private IPs of your EC2 instances or NAT Gateways.
How to Reduce Internet Egress Costs
- S3 VPC Gateway Endpoint — eliminates S3 egress charges entirely for same-region S3. Free.
- CloudFront in front of EC2 — CloudFront-to-origin traffic is free. CloudFront egress to users is cheaper than direct EC2 egress at volume.
- Cache aggressively — every cache hit is a byte you don't pay egress on.
- Compress responses — gzip/brotli compression reduces bytes transferred.
- Move workloads closer to users — cross-region egress ($0.02/GB) adds up on top of standard egress.
Getting Started
Register at basavytix.com/netway
Run the CloudFormation deploy — Netway gets read-only access to your VPC configuration and flow logs
Netway identifies S3-via-NAT patterns, cross-AZ traffic, and other egress waste automatically
Each finding includes estimated monthly savings and the exact CLI command to fix it
Related Articles
→ AWS NAT Gateway Pricing: Full Cost Breakdown → AWS NAT Gateway Costs: Why Your Bill Is Too High → How to Read VPC Flow LogsFrequently Asked Questions
Does AWS Internet Gateway cost money?
The Internet Gateway itself is free — no hourly charge and no per-GB gateway fee. What costs money is the EC2 data transfer flowing through it: $0.09/GB for internet egress in us-east-1. That charge appears under the EC2 service as DataTransfer-Out-Bytes, not under VPC or IGW.
What is AWS Internet Gateway pricing?
Internet Gateway itself: $0. Data transfer out to internet: $0.09/GB for first 10 TB/month, $0.085/GB for next 40 TB, $0.07/GB beyond 150 TB (us-east-1 rates). Inbound data transfer from the internet is always free.
What is the difference between Internet Gateway and NAT Gateway cost?
Internet Gateway has no hourly fee and no per-GB fee — you only pay EC2 egress ($0.09/GB). NAT Gateway adds $0.045/hr + $0.045/GB on top. Private subnet traffic going to the internet pays both NAT processing and EC2 egress, totaling $0.135/GB vs $0.09/GB for public subnet traffic through IGW.
Is inbound traffic through Internet Gateway free in AWS?
Yes. Data transfer into AWS from the internet (ingress) is free in all regions. You only pay for outbound transfers (egress). This applies whether traffic enters through an Internet Gateway, a NAT Gateway, or a CloudFront distribution.
How do I reduce AWS internet egress costs?
Add a free S3 VPC Gateway Endpoint to stop S3 traffic from going through NAT and out via IGW. Put CloudFront in front of your EC2 instances — CloudFront egress is cheaper at volume and origin-pull traffic is free. Compress API responses to reduce bytes transferred per request.