November 18, 2025
By Mathias Hansen
A cautionary tale about AWS VPC networking, NAT Gateways, and how a missing VPC Endpoint turned our S3 data transfers into an expensive lesson.
I've been using AWS since around 2007. Back then, EC2 storage was entirely ephemeral and stopping an instance meant losing all your data. The platform has come a long way since then.
Even after nearly two decades with the platform, there's always something new to learn. And sometimes those lessons come with a $1,000 price tag.
The setup
We recently moved over to using S3 for mirroring some large internal data files for Geocodio. We're talking about geographic datasets (things like address points, boundary data, and census information) that range from a few gigabytes to hundreds of gigabytes each. Some of these files are updated almost daily with fresh data, while others are refreshed less frequently. They need to be synced regularly from our ETL platform (which is hosted with Hetzner) to our processing infrastructure on AWS.
AWS has notoriously high data transfer costs. Cloudflare has written extensively about this, and it's a common complaint across the industry. Corey Quinn from Last Week in AWS has also called out the AWS Managed NAT Gateway for being particularly expensive. AWS charges $0.09 per GB for data transfer out to the internet from most regions, which adds up fast when you're moving terabytes of data.
So before starting this project, I did my homework. I carefully researched the costs involved and confirmed two critical things:
AWS still allows free transfer between EC2 instances and S3 (as long as they're in the same region) Transfers into S3 are free (this was important since the data comes from our ETL platform hosted with Hetzner)
... continue reading