What is data egress? A guide to cloud cost control

Today’s cloud providers make data ingress a straightforward and cost-effective process. Data egress, on the other hand, remains a significant and recurring business expense.

This guide explains the cost mechanics behind the fees and presents the technical solutions required to build a more predictable and cost-efficient architecture.

What is data egress?

Data egress is any data transfer out of a cloud provider’s network. This includes data moving to the public internet, a different cloud provider, or an on-premises data center.

In contrast, data ingress, or moving data into the network, is nearly always free. This asymmetrical pricing model is a deliberate business strategy, not a direct reflection of underlying costs.

What are data egress fees?

Egress fees are the charges cloud providers apply to any data transferred out of their networks. These data transfer costs function as a hidden tax on your architecture, disrupting budgets, enforcing vendor lock-in, and directly penalizing modern strategies like multi-cloud or hybrid-cloud deployments.

For data architects and cloud engineers, this creates a persistent challenge. The need for a flexible, best-fit technology stack is in direct conflict with the unpredictability of cloud costs. An effective strategy to control cloud egress requires a deliberate data architecture that minimizes unnecessary data movement.

Cloud providers eliminate the cost of entry to encourage service adoption and establish data gravity within their ecosystems. They apply fees only when data leaves.

While egress fees help monetize a provider's massive investment in global network infrastructure, their primary function is strategic. High data transfer costs create vendor lock-in by serving as a financial barrier to migration.

An organization with hundreds of terabytes or even petabytes of data faces a prohibitively expensive bill to move that data to a competing provider. This reality makes the organization’s data a captive asset and directly limits its operational and strategic freedom.

The consequences of this vendor lock-in include:

• Massive migration costs. The single largest obstacle to switching cloud providers is often the cost of moving the data, which can run into the tens or hundreds of thousands of dollars.
• Reduced negotiating leverage. When a provider knows it is too expensive for a customer to leave, they have less incentive to negotiate favorably on pricing for other services.
• Limited architectural flexibility. Data teams are discouraged from moving data to where it can generate the most value, forcing them to keep it within a single provider’s walls.
• Stifled innovation. The cost of egress can be high enough to prevent a company from adopting a best-in-class tool from another vendor, forcing them to use a "good enough" native service instead.

These limitations also impact how enterprise teams manage permissions and transparency across multi-cloud environments, especially when handling sensitive data or navigating compliance frameworks.

This financial model directly penalizes modern data architectures. Egress fees are a tax on multi-cloud strategies.

For example, a company may run its applications on Amazon Web Services (AWS) but wants to use Google Cloud’s BigQuery for analytics. Every data transfer between these services incurs egress charges. Similarly, hybrid architectures that connect on-premises systems to the cloud face continuous data transfer costs.

The result is forced architectural compromise, where data teams are financially pushed to consolidate within a single provider’s ecosystem, even when superior or more cost-effective tools exist elsewhere.

Cloud provider cost breakdown

Cloud providers price egress based on the destination. The cost per gigabyte is not a single, flat rate. Instead, providers categorize data transfers and apply a different price to each. This tiered structure is the foundation of all data transfer costs.

While recent regulatory pressure has forced providers to offer free egress for customers who are fully migrating their data away, the primary fee structures for all ongoing operations remain firmly in place.

There are 3 main categories of data egress:

• Egress to the internet. This is the most expensive transfer category. It covers any data moving from a cloud service, like an Amazon S3 bucket or an Azure Virtual Machine, to an end user or application over the public internet. Cloud providers include a small free tier, usually 100 GB per month, before tiered pricing applies.
• Inter-region egress. This category applies to data transferred between 2 regions within the same provider’s network, such as from us-east-1 to eu-west-1 in AWS. These transfers are essential for building geo-redundant backups, implementing disaster recovery strategies, and supporting globally distributed applications. The rates are lower than internet egress, but the costs for large or frequent transfers accumulate into a significant operational expense.
• Intra-region egress. These are the lowest-priced, yet most insidious, data transfer fees. They apply to data moving between different availability zones (AZs) within the same region. Modern, resilient architectures mandate the use of multiple AZs to ensure high availability. This architectural best practice means that routine traffic between application tiers, or between a primary database and its replicas, generates a constant stream of egress charges. These small, per-gigabyte fees become a substantial and often surprising line item on a monthly bill.

The following table compares the standard pay-as-you-go egress fees for AWS, Azure, and Google Cloud Platform within a typical U.S. region. All prices are per gigabyte.

Pricing is based on data sourced in October 2025 and is subject to change. Rates can vary by region and are based on transfers within North America.

Architectural solutions to control egress

A reactive approach to cloud computing and data egress costs is ineffective today, since architectural decisions have a direct impact on the total cost of ownership.

The only way to control data egress is through proactive architectural design that treats data transfer as a primary constraint. By deliberately engineering how data moves, data teams build predictable and cost-efficient systems that minimize egress fees from the start.

Most avoidable egress costs originate from a few common architectural patterns. Each problem has a specific technical solution.

Optimize cloud architecture

Resource placement dictates egress costs. Architectures that span multiple availability zones or regions for resilience and performance also generate a constant stream of inter-region and intra-region data transfer fees.

Consolidating a workload's resources within a single availability zone eliminates these transfer fees entirely. This architecture, however, creates a single point of failure and is unacceptable for most production systems.

A more balanced strategy requires a deliberate analysis of traffic patterns.

• Co-locate services that communicate frequently, like an application server and its database, to minimize cross-AZ traffic.
• Schedule large data replications for off-peak hours to avoid network contention with production traffic for workloads that involve multi-region disaster recovery or incident response.

Leverage private connections

Hybrid architectures that move data between on-premises data centers and the cloud over the public internet incur the highest possible egress fees. Cloud providers offer a superior alternative: dedicated interconnect services.

Products like AWS Direct Connect or Azure ExpressRoute create a private, high-bandwidth connection that bypasses the public internet.

These private connections also reduce exposure to public internet vulnerabilities, complementing enterprise firewalls and enhancing network security.

Enterprise-grade firewall rules can further restrict unauthorized data flows, reinforcing egress filtering strategies and protecting sensitive data during cloud uploads and transfers.

Providers bill data transferred over these dedicated connections at a significantly lower per-gigabyte rate. While these services have their own port and hourly fees, organizations with high-volume, predictable data transfer requirements achieve substantial savings.

For any hybrid strategy that depends on moving terabytes of data for backups, analytics, or business continuity, a private connection is a foundational and cost-effective architectural component.

Implement caching and CDNs

Serving static content or API responses to a global user base generates enormous egress volume. A Content Delivery Network (CDN) directly reduces these costs by caching data in edge locations around the world, physically closer to users.

The CDN serves a user's request from the nearest edge location instead of retrieving it from the origin server. This design reduces egress costs in 2 ways.

First, providers charge a much lower rate for data transfers from cloud storage, like Amazon S3, to their native CDN service. Second, the cache serves most requests, which drastically reduces the total data volume pulled from the origin server.

Services like Amazon CloudFront and Azure CDN are essential components for any application with a geographically distributed audience.

Minimize data volume

The most direct cost-control strategy is to move less data. While intelligent routing and resource placement are critical, reducing the total volume of data in motion provides a direct, proportional reduction in cost. Two techniques are fundamental: compression and Change Data Capture.

To minimize costs, always use a compression algorithm, like Gzip or Brotli, to reduce the size of the data before transferring it.

For data replication, a more sophisticated approach is necessary. Outdated data pipelines still rely on full-table replication, a brute-force method that copies the entire dataset in every cycle. This process generates massive, unnecessary data movement and excessive egress fees.

Change Data Capture (CDC) is the modern, vendor-neutral solution to this problem. CDC is a technique that identifies and captures only the incremental changes in a source database. These changes include all inserts, updates, and deletes.

Instead of copying the entire table, a CDC-based pipeline replicates only the small set of changes. This approach can reduce data transfer volume by more than 90%, making it a crucial strategy for any architecture that relies on frequent and cost-effective data synchronization.

Data egress management costs

Data egress costs are dynamic because they are a direct function of architectural design and application behavior. The per-gigabyte rates for data storage are predictable; the costs for data in motion are not. A new analytics pipeline, a change in a backup schedule, or a successful marketing campaign that increases user traffic can all trigger significant, unplanned expenses.

Cloud provider tools, such as AWS Cost Explorer, report on past spending, but they are reactive and lack architectural context. Proactive cost control requires modeling data movement before deployment.

This architectural analysis provides a baseline forecast that turns an unpredictable expense into a manageable line item. Build an effective forecast in 4 steps:

1. Deconstruct the data workflow. Map every transfer in a given process. For a new application feature, trace the path from the user request to the database, to the application server, and back to the user. For a data pipeline, map the movement from a source system to the data warehouse.
2. Classify each data transfer. Identify the type of egress for every leg of the workflow. Determine if the data moves between availability zones (intra-region), between different regions (inter-region), or out to the public internet. You must apply the correct price for each classification.
3. Estimate transfer volume and frequency. Establish the core variables for the cost model. Calculate the average data payload for each transfer, such as 50 kilobytes per API response or 10 gigabytes per hourly database replication. Then, estimate the frequency of each transfer.
4. Calculate the total cost. To calculate the total operational cost of the new feature, multiply the estimated data volume by its frequency and the provider's egress price. Summing these individual calculations will provide a clear and justifiable forecast.

This methodology integrates cost analysis directly into the design process. It makes financial forecasting an architectural discipline and a core responsibility of the engineering team.

Control egress costs with Fivetran

Cloud egress fees are a direct consequence of architectural design. They are a predictable tax on inefficient data movement, and the only effective response is a technical one. A deliberate data architecture, built on intelligent resource placement and a foundational commitment to minimizing data volume, is the most effective form of cloud cost control.

The principles are clear, but the execution is a significant engineering challenge. Building and maintaining resilient, low-latency Change Data Capture pipelines is a continuous operational burden. It diverts elite engineering talent from core product development to the non-differentiating work of infrastructure management.

Automation solves this engineering problem. Fivetran streamlines the complex Change Data Capture pipelines required for a cost-effective architecture. We eliminate the need for custom development and constant oversight, which returns your most valuable engineering resources to the work that matters: building your product.

[CTA_MODULE]