VPC Egress Charges Surprise
"Why is our AWS bill so high? We're barely using any compute."
Answer: NAT Gateway data processing charges.
What was happening:
- All external API calls went through NAT Gateway
- $0.045 per GB processed
- Our ML pipeline downloaded 500GB of training data daily
- NAT Gateway bill: $675/day
- Monthly: $20,250 just for data processing
The architecture problem:
- Private subnets for "security"
- Everything routed through NAT Gateway
- S3 downloads going internet → NAT → private subnet
The fix:
- S3 VPC endpoint for training data (free!)
- Private subnets for internal services
- NAT only for services that actually need internet
- VPC endpoints for AWS services (DynamoDB, SQS, etc.)
Result: $20,250/month → $1,200/month.
Lesson: VPC endpoints exist. Use them. They're free for S3 (Gateway endpoint) and cheap for others.
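
To find the route tables affected by the problem above, this added example (not code from the original post) flags any route table whose default route points at a NAT Gateway but has no available S3 Gateway endpoint associated. It assumes input shaped like the EC2 DescribeRouteTables and DescribeVpcEndpoints responses; all IDs and the region in the sample data are constructed.

```python
# Added example: audit route tables for NAT default routes that lack a Gateway
# endpoint. Sample data below is constructed; IDs and region are illustrative.
SAMPLE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-ml-private", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-api-private", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
        {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-s3"}]},
    {"RouteTableId": "rtb-public", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]}
SAMPLE_ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-s3", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.s3", "State": "available",
     "RouteTableIds": ["rtb-api-private"]},
    {"VpcEndpointId": "vpce-sqs", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.sqs", "State": "available",
     "RouteTableIds": []},
]}


def uses_nat_default_route(route_table):
    """True if the table sends 0.0.0.0/0 through a NAT Gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("NatGatewayId")
               for r in route_table.get("Routes", []))


def tables_with_gateway_endpoint(endpoints, service_suffix):
    """Route table IDs associated with an available Gateway endpoint for the service."""
    covered = set()
    for ep in endpoints.get("VpcEndpoints", []):
        if (ep.get("VpcEndpointType") == "Gateway"
                and ep.get("ServiceName", "").endswith("." + service_suffix)
                and ep.get("State", "").lower() == "available"):
            covered.update(ep.get("RouteTableIds", []))
    return covered


def nat_tables_missing_endpoint(route_tables, endpoints, service_suffix="s3"):
    """NAT-routed tables whose traffic to the service still crosses the NAT Gateway."""
    covered = tables_with_gateway_endpoint(endpoints, service_suffix)
    return sorted(rt["RouteTableId"] for rt in route_tables.get("RouteTables", [])
                  if uses_nat_default_route(rt) and rt["RouteTableId"] not in covered)


if __name__ == "__main__":
    for rtb in nat_tables_missing_endpoint(SAMPLE_ROUTE_TABLES, SAMPLE_ENDPOINTS):
        print(f"{rtb}: S3 traffic goes through NAT (no S3 Gateway endpoint)")
```

Against a live account, the two dicts would come from the boto3 EC2 client's `describe_route_tables()` and `describe_vpc_endpoints()` calls.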