You can create AWS PrivateLink endpoints to enable private connectivity to a service that is either owned by AWS or owned by an AWS customer or partner. You will be billed for each hour that your VPC endpoint remains provisioned in each Availability Zone, irrespective of the state of its association with the service (learn more). Such hourly billing for your VPC endpoint will stop when you delete it. Hourly billing will also stop if the endpoint service owner rejects your VPC endpoint’s attachment to their service, and that service is subsequently deleted. Such VPC endpoints cannot be reused and you should delete them.
Data processing charges apply for each Gigabyte processed through the VPC endpoint regardless of the traffic’s source or destination. Each partial VPC endpoint-hour consumed is billed as a full hour. Irrespective of the association state of the VPC endpoint, you will incur data transfer charges if you send data to a VPC endpoint.
There are two different AWS PrivateLink endpoints you can choose to use: Interface endpoints and Gateway Load Balancer Endpoints. The rates you are charged depend on the type of endpoint you use as follows:
Interface Endpoint pricing
You can use interface endpoints to privately and securely access services like AWS services, internal application services or SaaS services that are running outside your VPC.
Below pricing tiers apply on the total data processed by all Interface Endpoints in an AWS Region:
|Data Processed per month in an AWS Region||Pricing per GB of Data Processed ($)|
|First 1 PB||$0.01|
|Next 4 PB||$0.006|
|Anything over 5 PB||$0.004|
Some AWS services may optionally include the cost of interface VPC endpoints associated with their service in the cost of their service, and you may not see these costs directly identified in your bill. Such cases will be identified in each of those service’s pricing information.
Gateway Load Balancer Endpoint pricing
You can use gateway load balancer endpoints to privately and securely inject in-line network and security services, such as firewalls, intrusion detection and prevention systems, monitoring, analytics and others, running outside your VPC into your traffic flow.