While there is no additional charge for creating and using an Amazon Virtual Private Cloud (VPC) itself, you can pay for optional VPC capabilities with usage-based charges. AWS provides features and services that give you the ability to customize control, connectivity, monitoring, and security for your Amazon VPC. For specific pricing rates for these components, please see below.
Usage charges for other Amazon Web Services solutions, such as Amazon Elastic Compute Cloud (Amazon EC2), still apply at published rates for those resources, including data transfer charges. If you connect your VPC to your corporate datacenter using the optional hardware virtual private network (VPN) connection, pricing is per VPN connection-hour (the amount of time you have a VPN connection in the "available" state). Partial hours are billed as full hours, and data transferred over VPN connections will be charged at standard AWS Data Transfer rates.
If you choose to create a NAT gateway in your VPC, you are charged for each “NAT Gateway-hour" that your gateway is provisioned and available. Data processing charges apply for each gigabyte processed through the NAT gateway regardless of the traffic’s source or destination. Each partial NAT Gateway-hour consumed is billed as a full hour. You also incur standard AWS data transfer charges for all data transferred via the NAT gateway. If you no longer wish to be charged for a NAT gateway, simply delete your NAT gateway using the AWS Management Console, command line interface, or API.
NAT Gateway - Pricing example
Let’s assume you created a NAT gateway and you have an EC2 instance routing to the internet through the NAT gateway. Your EC2 instance behind the NAT gateway sends a 1 GB file to one of your Amazon Simple Storage Service (Amazon S3) buckets. The EC2 instance, NAT gateway, and S3 Bucket are in the same region of the US East (Ohio), and the NAT gateway and EC2 instance are in the same Availability Zone. We calculate your cost as follows:
Please visit the Data Transfer section of the Amazon EC2 Pricing page for more details.In summary, your charge will be $0.045 for 1 GB data processed by the NAT gateway, and a charge of $0.045 per hour will always apply once the NAT gateway is provisioned and available. The data transfer has no charge in this example. However, if you send the file to a non-AWS internet location instead, there will be a data transfer charge, as it is Data Transfer Out from Amazon EC2 to the internet.
- NAT Gateway Hourly Charge: NAT Gateway is charged on an hourly basis. For this region, the rate is $0.045 per hour.
- NAT Gateway Data Processing Charge: 1 GB data went through the NAT gateway. The Data Processing charge will result in a charge of $0.045.
- Data Transfer Charge: This is the standard EC2 Data Transfer charge. 1 GB data was transferred from the EC2 instance to S3 via the NAT gateway. There was no charge for the data transfer from the EC2 instance to S3, as it is Data Transfer Out to Amazon EC2 to S3 in the same region. There was also no charge for the data transfer between the NAT gateway and the EC2 instance since the traffic stays in the same Availability Zone using private IP addresses. There will be data transfer charges between your NAT gateway and EC2 instance if they are in a different Availability Zone.
Note: To avoid the NAT Gateway Data Processing charge in this example, you could set up a gateway Type VPC endpoint and route the traffic to/from S3 through the VPC endpoint instead of going through the NAT Gateway. There are no data processing or hourly charges for using Gateway Type VPC endpoints. For details on how to use VPC endpoints, please visit VPC Endpoints Documentation.
You pay an hourly rate for each active IP address that you manage using IP Address Manager (IPAM). An active IP address is defined as an IP address assigned to a resource such as an EC2 instance or an Elastic Network Interface (ENI). You only need to create a single IPAM for your organization since IPAM manages all the addresses across your AWS Organization and Regions. If you no longer wish to be charged for IPAM, simply delete your IPAM using the AWS Management Console, AWS Command Line Interface, or API.
IPAM - pricing example
Let us assume you assigned a /16 CIDR (65536 IP addresses) to your VPC but you are only using 5000 IP addresses on EC2 instances. These 5000 addresses are active for 30 days, 24 hours a day.
You will be charged only for the 5000 active IP addresses. Hourly price per active IP address is $0.00027.
5000 active IPs x 30 days x 24 hours x $0.00027 hourly charge = $972.
This will result in a monthly charge of $972.
Traffic Mirroring Pricing
If you choose to enable traffic mirroring on Amazon EC2 Instance elastic network interfaces (ENIs), you pay hourly for each ENI that is enabled with traffic mirroring. If you no longer wish to be charged for traffic mirroring, simply disable traffic mirroring on EC2 Instance ENIs using the AWS Management Console, command line interface, or API.
Traffic Mirroring – pricing example
You enable traffic mirroring sessions on five ENIs in your Amazon VPC in the US East (Ohio). Traffic mirroring sessions were active for 30 days, 24 hours a day. You will be charged on an hourly basis, for each hour the traffic mirroring sessions were active on ENIs for US East (Ohio) Region, the hourly rate is $0.015.
5 sessions x 30 days x 24 hr/day x $0.015 per session-hr = $54.
This will result is a charge of $54.
Reachability Analyzer Pricing
You pay for each time you analyze connectivity between a given source and destination using Reachability Analyzer.
Reachability Analyzer - pricing example
Let's assume you analyze the connectivity between two instances ten times
You will be charged for each analysis, the price per analysis processed is $0.10.
10 connections x $0.10 per connection = $1.
This will result in a charge of $1.
Network Access Analyzer Pricing
You pay for the number of Amazon EC2 Instance elastic network interfaces (ENIs) analyzed when you run a network assessment using Network Access Analyzer.
Network Access Analyzer - pricing example
Let’s say you run 5 network assessments using Network Access Analyzer, and each of those network assessments analyzed 1000 ENIs. You will be charged for each ENI that is analyzed.
5 network assessments x 1000 ENIs X $0.002 per ENI analysis = $10.
This will result in a charge of $10.