While there is no additional charge for creating and using an Amazon Virtual Private Cloud (VPC) itself, you can pay for optional VPC capabilities with usage-based charges. AWS provides features and services that give you the ability to customize control, connectivity, monitoring, and security for your Amazon VPC. For specific pricing rates for these components, please see below.

Usage charges for other Amazon Web Services solutions, such as Amazon Elastic Compute Cloud (Amazon EC2), still apply at published rates for those resources, including data transfer charges. If you connect your VPC to your corporate data center using the optional hardware virtual private network (VPN) connection, pricing is per VPN connection-hour (the amount of time you have a VPN connection in the "available" state). Partial hours are billed as full hours, and data transferred over VPN connections will be charged at standard AWS Data Transfer rates.  

  • NAT Gateway
  • NAT Gateway Pricing

    If you choose to create a NAT gateway in your VPC, you are charged for each "NAT Gateway-hour" that your gateway is provisioned and available. Data processing charges apply for each gigabyte processed through the NAT gateway regardless of the traffic's source or destination. Each partial NAT Gateway-hour consumed is billed as a full hour. You also incur standard AWS data transfer charges for all data transferred via the NAT gateway. If you no longer wish to be charged for a NAT gateway, simply delete your NAT gateway using the AWS Management Console, command line interface, or API.

    NAT Gateway - Pricing example

    Let’s assume you created a NAT gateway and you have an EC2 instance routing to the internet through the NAT gateway. Your EC2 instance behind the NAT gateway sends a 1 GB file to one of your Amazon Simple Storage Service (Amazon S3) buckets. The EC2 instance, NAT gateway, and S3 Bucket are in the same region of the US East (Ohio), and the NAT gateway and EC2 instance are in the same Availability Zone. We calculate your cost as follows:

    • NAT Gateway Hourly Charge: NAT Gateway is charged on an hourly basis. For this region, the rate is $0.045 per hour.
    • NAT Gateway Data Processing Charge: 1 GB data went through the NAT gateway. The Data Processing charge will result in a charge of $0.045.
    • Data Transfer Charge: This is the standard EC2 Data Transfer charge. 1 GB data was transferred from the EC2 instance to S3 via the NAT gateway. There was no charge for the data transfer from the EC2 instance to S3, as it is Data Transfer Out from Amazon EC2 to S3 in the same region. There was also no charge for the data transfer between the NAT gateway and the EC2 instance since the traffic stays in the same Availability Zone using private IP addresses. There will be data transfer charges between your NAT gateway and EC2 instance if they are in different Availability Zones.
     
    Please visit the Data Transfer section of the Amazon EC2 Pricing page for more details.
     
    In summary, your charge will be $0.045 for 1 GB data processed by the NAT gateway, and a charge of $0.045 per hour will always apply once the NAT gateway is provisioned and available. The data transfer has no charge in this example. However, if you send the file to a non-AWS internet location instead, there will be a data transfer charge, as it is Data Transfer Out from Amazon EC2 to the internet.
     
    Note: To avoid the NAT Gateway Data Processing charge in this example, you could set up a Gateway Type VPC endpoint and route the traffic to/from S3 through the VPC endpoint instead of going through the NAT gateway. There are no data processing or hourly charges for using Gateway Type VPC endpoints. For details on how to use VPC endpoints, please visit VPC Endpoints Documentation.
  • IPAM
  • Amazon VPC IP Address Manager (IPAM) makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads. IPAM is offered in two tiers:

    IPAM Free Tier
    Use the Free Tier of IPAM to simplify IP address management for resources in a single AWS Region and account. In the Free Tier, you get the ability to manage Bring Your Own IP addresses (BYOIP v4 and v6) and Amazon provided contiguous IPv6 addresses. You also get visibility into your Public IPv4 usage through Public IP Insights. Please refer to the table below for a list of features available in the Free Tier. When you use the Free Tier, you do not pay for your usage of IPAM. However, you still pay for any other AWS service that you are using.

    IPAM Advanced Tier
    Use the Advanced Tier to simplify IP address management for resources across two or more AWS Regions or accounts. In the Advanced Tier, you get additional capabilities like private IPv4 management and auditing IP history. Please refer to the table below for a list of features available in the Advanced Tier. When you use the Advanced Tier, you pay an hourly rate of $0.00027 for each active IP address managed in IPAM.

    Compare features across the two tiers

    | Features | IPAM Free Tier | IPAM Advanced Tier |
    |---|---|---|
    | | For IP address management in a single AWS Region and account | For IP address management across two or more AWS Regions or accounts |
    | Bring Your Own IP Address | Available | Available |
    | Amazon provided contiguous IPv6 blocks | Available | Available |
    | Public IP Insights | Available | Available |
    | Bring Your Own ASN | Available | Available |
    | Private IPv4 management | Not Available | Available |
    | Share IPAM pools with AWS accounts | Not Available | Available |
    | Audit IP history | Not Available | Available |

    Note:

    (1) Any feature not listed in the table above is available only in the Advanced tier

    (2) Public IP Insights is available for two or more Regions and accounts in your AWS Org even in the Free Tier of IPAM

    IP Address Manager Pricing for Advanced Tier

    An active IP address is defined as an IP address or a prefix assigned to a resource such as an EC2 instance or an Elastic Network Interface (ENI). For example, you have a VPC with a /16 CIDR (65,536 IPv4 addresses) assigned to it, out of which you have assigned 2,000 IP addresses to resources such as ENIs. IPAM will consider the 2,000 IP addresses as active and will only charge you for those. Also, if you have assigned a /28 IPv4 prefix or /80 IPv6 prefix to an ENI, IPAM will consider it as a single active address attachment and only charge you for the single unit.

    IPAM tracks and monitors all the IP addresses assigned to resources in your VPCs, even if they are not part of an IPAM IP address pool. For example, you may have created ENIs with IP addresses in the past that do not belong to an existing IPAM pool. IPAM will still track the IP addresses (assignments, overlaps, etc.) and charge you for the active IP addresses. If you no longer wish to be charged for IPAM, simply delete your IPAM using the AWS Management Console, AWS Command Line Interface, or API.

    IPAM - Pricing Example 1:

    In this example, you have 100 VPCs in your account, each with 10 Amazon provided active IPv4 addresses. You also have /24 (512 IP addresses) BYOIP addresses in your account, out of which 200 are active, used as Elastic IP addresses (EIP). You create a Free Tier IPAM in your account to manage your BYOIP addresses.

    Total active IPs: 100 VPCs with 10 IPs each + 200 BYOIP = 1,200 IPs

    You are charged $0 for the above IPAM usage since you have created your IPAM in the Free Tier. You may still get charged for the Amazon provided IPv4 addresses or any other AWS service that you are using in your environment.

    IPAM - Pricing Example 2:

    In this example, you have one existing VPC with a /16 CIDR (65,536 IPv4 addresses) assigned to it, out of which you are using 2,000 IP addresses on EC2 instances. Now, you create an IPAM in the Advanced Tier, in your account, and use it to assign a /16 CIDR (65,536 IPv4 addresses) to a new VPC, and use 5,000 IP addresses on EC2 instances in this VPC.

    Total active IP addresses are 7,000 (2,000 + 5,000), and these addresses are active for 30 days, 24 hours a day. You will be charged for the 7,000 active IP addresses.

    Hourly price per active IP address is $0.00027.

    7,000 active IP addresses x 30 days x 24 hours x $0.00027 hourly charge = $1,360.80.

    This will result in a monthly charge of $1,360.80.

    IPAM - Pricing Example 3:

    In this example, you have a /28 prefix (16 IPv4 addresses) assigned to each of your 50 network interfaces, and you have a /80 prefix (approximately 300 trillion IPv6 addresses) assigned to each of 100 other network interfaces in your VPC. Each prefix that you assign to a network interface counts as a single active address attachment for IPAM. You also have 1,000 IPv4 addresses that are assigned to EC2 instances in the VPC. Also, other member accounts in your AWS Organization have a total of 10,000 active IPs. You create an Advanced Tier IPAM that is integrated with your AWS Organization.

    Hourly price per active IP address is $0.00027.

    (50 prefixes + 100 prefixes + 1,000 IP addresses + 10,000 IPs from member accounts) x 30 days x 24 hours x $0.00027 hourly charge = $2,167.56

    This will result in a monthly charge of $2,167.56.

  • Network Analysis
  • Traffic Mirroring Pricing

    If you choose to enable traffic mirroring on Amazon EC2 instance elastic network interfaces (ENIs), the ENI owner pays hourly for each ENI that is enabled with traffic mirroring. If you no longer wish to be charged for traffic mirroring, delete the traffic mirroring session associated with the instance/ENI using the AWS Management Console, command line interface, or API.

    Note: You'll continue to be charged for Traffic Mirroring until you delete all active traffic mirror sessions. For example, you'll still be charged in the following scenarios:

    1. You detached the network interface from the mirror source but did not delete the relevant traffic mirroring session.
    2. You stopped or terminated the mirror source but did not delete the relevant traffic mirroring session.
    3. You changed the instance type of the mirror source to an unsupported instance type but did not delete the relevant traffic mirroring session.

    Traffic Mirroring – pricing example

    You enable traffic mirroring sessions on five ENIs in your Amazon VPC in US East (Ohio). The traffic mirroring sessions were active for 30 days, 24 hours a day. You will be charged on an hourly basis for each hour the traffic mirroring sessions were active on the ENIs. For the US East (Ohio) Region, the hourly rate is $0.015.

    5 sessions x 30 days x 24 hr/day x $0.015 per session-hr = $54. 

    This will result in a charge of $54.

    If account A shared subnet-1 with account B, account B then created an eni-1 in subnet-1, and account A then enabled traffic mirroring on eni-1, account B will be charged for the traffic mirroring usage.


    Reachability Analyzer Pricing

     

    Reachability Analyzer - pricing example

    Let's assume you analyze the connectivity between two instances ten times.
    You will be charged for each analysis; the price per analysis processed is $0.10.

    10 connections x $0.10 per connection = $1.

    This will result in a charge of $1.

    Note: There are no additional charges for using Reachability Analyzer with Amazon Q network troubleshooting during preview. For additional information on pricing, visit the Amazon Q pricing page.


    Network Access Analyzer Pricing

    You pay for the number of Amazon EC2 Instance elastic network interfaces (ENIs) analyzed when you run a network assessment using Network Access Analyzer.

    Network Access Analyzer - pricing example

    Let’s say you run 5 network assessments using Network Access Analyzer, and each of those network assessments analyzed 1000 ENIs. You will be charged for each ENI that is analyzed.

    5 network assessments x 1,000 ENIs x $0.002 per ENI analysis = $10.

    This will result in a charge of $10.

  • Public IPv4 Address
    • What is a public IPv4 address?
      A public IPv4 address is an IPv4 address that is routable from the internet. A public IPv4 address is necessary for a resource to be directly reachable from the internet over IPv4.
    • How do public IPv4 addresses work with AWS services?
      Nearly all resources you launch in your VPC come with an IP address for connectivity. While the vast majority of resources in your VPC use private IPv4 addresses (RFC1918), resources that require direct access to the internet over IPv4 use public IPv4 addresses. For example, EC2 instances that launch in a default VPC come with a public IPv4 address. You use Elastic IP addresses and attach them to resources such as Elastic Load Balancer, NAT Gateway, etc. Also, there are AWS services such as Amazon EKS, Amazon EMR, Amazon ECS, Amazon RDS, and Amazon Workspaces that create resources in your VPC with public IPv4 addresses associated with them to provide internet connectivity. Finally, there are public IPv4 addresses that you use with services such as AWS Global Accelerator and AWS Site-to-Site VPN that may not be directly in your VPC but are associated with AWS resources you use.
    • What type of public IPv4 address is charged?
      Any public IPv4 address associated with a resource launched in an Amazon VPC, and any public IPv4 address assigned to AWS Global Accelerator or AWS Site-to-Site VPN tunnel endpoints, is charged as an in-use public IPv4 address. Any public IPv4 address associated with your AWS account that is not used on a resource is charged as an idle public IPv4 address. Public IPv4 addresses that are not dedicated to your resource are not charged; for example, public IPv4 addresses associated with Amazon S3 that are not dedicated per S3 bucket. For a list of AWS services where you are charged for public IPv4 addresses, refer to the public IPv4 documentation page.
    • How does public IPv4 address pricing work?
      You pay an hourly rate for each public IPv4 address used by your AWS account. The price is the same whether the address is an in-use public IPv4 address associated with an AWS resource you own or an idle public IPv4 address in your AWS account that is not associated with any AWS resource.

      Hourly charge for In-use Public IPv4 Address: $0.005
      Hourly charge for Idle Public IPv4 Address: $0.005


    Public IPv4 address - Pricing example 1

    In this example, you have
    • Three Amazon EC2 instances, with one in-use public IPv4 address each
    • One Elastic Load Balancer with two in-use public IPv4 addresses
    • One Amazon RDS database that has one in-use public IPv4 address
    • Four Idle Elastic IP addresses in your AWS account.
    Total in-use public IPv4 addresses are 6 (3+2+1), and these addresses are active for 30 days, 24 hours a day. You will be charged for the 6 in-use public IPv4 addresses.
    Total idle public IPv4 addresses are 4, and these addresses are active for 30 days, 24 hours a day. You will be charged for the 4 idle public IPv4 addresses.
    Hourly Price per in-use public IPv4 address is $0.005
    Hourly Price per idle public IPv4 address is $0.005

    6 in-use public IPv4 addresses x 30 days x 24 hours x $0.005 hourly charge = $21.60.
    4 idle public IPv4 addresses x 30 days x 24 hours x $0.005 hourly charge = $14.40.

    This will result in a monthly charge of $36.00

    Public IPv4 address - Pricing example 2

    In this example, you have
    • One AWS Global Accelerator that provides two static IPv4 addresses
    • Five Elastic IP addresses associated to EC2 instances.
    Total in-use public IPv4 addresses are 7 (2+5), and these addresses are active for 30 days, 24 hours a day. You will be charged for the 7 in-use public IPv4 addresses.

    Hourly Price per in-use public IPv4 address is $0.005

    7 in-use public IPv4 addresses x 30 days x 24 hours x $0.005 hourly charge = $25.20.

    This will result in a monthly charge of $25.20

    • In what AWS locations does public IPv4 address pricing apply?
      In-use and idle public IPv4 address pricing applies across all AWS commercial, US GovCloud, and AWS China regions, and AWS Local Zones.
    • What public IPv4 address is not charged?
      You can bring your IPv4 space to AWS with the Bring Your Own IP (BYOIP) or Customer-owned IP addresses (COIP) feature (COIP is only available on AWS Outposts). These public IPv4 addresses are not charged.
    • How can I monitor the public IPv4 addresses that I use?
      You can monitor your public IPv4 usage with Public IP Insights, an Amazon VPC IP Address Manager feature that allows you to track, manage and monitor public IPv4 addresses across your AWS accounts in an AWS organization. This also enables you to identify IPv4 addresses that you are not actively using on your AWS resources today, so that you can release them back to AWS and avoid the charge. You can also find opportunities to reduce how many IPv4 addresses a particular application is using by looking at aggregate usage across resources.
    • How can I track public IPv4 address usage and estimate charges?
      AWS Cost and Usage Reports allow you to track your public IPv4 usage and aggregate the information either by the hour, day, or month. You can also choose to include individual resource IDs that contain the ID of the resource that you provisioned to use the public IPv4 address. The IPv4 efficiency blog explains how you can estimate charges.