I’ve noticed unexpectedly high costs in our AWS bill, specifically from NAT Gateway data transfer charges. After investigating, it seems the Redis backup Cron Jobs are the primary cause.

Here’s the setup:

  • Redis: on a node in a private subnet in AZ A.
  • Backup Process: Regular backups to S3, generated by hourly Cron Jobs in the same private subnet in AZ A.

Redis architecture

Issue:

Every time a Redis backup is triggered, the data transfer through the NAT Gateway significantly increases, resulting in high charges. This is especially problematic because our database size is growing, and so are the backup-related costs.

What I’ve noticed:

  1. Alongside the spikes in NatGateway prices, the costs of these operations increased as well: “CreateVolume-Gp2”, “CreateVolume-Gp3”, “PublicIp IN”, “InterZone OUT” and “createSnapshot”. The graph below shows that.

Api operations costs

  2. Examined the workflow between Redis and other IPs and found an ENI in AZ B with the most frequent exchanges, so maybe that’s the responsible cause, but I still can’t find a way to confirm that. We can see below the list of the most frequent exchanges in 24 hours; 192.168.138.51 is the IP address of the Redis node:
  • Found 192.168.220.133 to be an ENI in a different AZ (B), but I can’t pinpoint what it belongs to.
  • Found some public IP addresses generating a lot of flows.

List of frequent exchanges

Here is additional info about the ENI in AZ B:

{
  "NetworkInterfaces": [
    {
      "Attachment": {
        "AttachTime": "2025-01-14T12:09:58+00:00",
        "AttachmentId": "eni-attach-013284cXXXXXX",
        "DeleteOnTermination": true,
        "DeviceIndex": 1,
        "NetworkCardIndex": 0,
        "InstanceOwnerId": "230607XXXXXX",
        "Status": "attached"
      },
      "AvailabilityZone": "us-east-1b",
      "Description": "Amazon EKS fg-cluster-XXXXXX",
      "Groups": [
        {
          "GroupName": "k8s-traffic-fgekscluster002-XXXXXX",
          "GroupId": "sg-07be3bb995XXXXXX"
        },
        {
          "GroupName": "fg-eks-vpc-002-ControlPlaneSecurityGroup-XXXXXX",
          "GroupId": "sg-0e1f4379aXXXXXX"
        },
        {
          "GroupName": "eks-cluster-sg-fg-cluster-XXXXXX",
          "GroupId": "sg-06b14fe6XXXXXX"
        },
        {
          "GroupName": "eks-cluster-sg-fg-eks-cluster-XXXXXX",
          "GroupId": "sg-0df640384cXXXXXX"
        }
      ],
      "InterfaceType": "interface",
      "Ipv6Addresses": [],
      "MacAddress": "02:0d:31:XXXXXX",
      "NetworkInterfaceId": "eni-0c28dd4d2XXXXXX",
      "OwnerId": "230607XXXXXX",
      "PrivateDnsName": "ip-192-168-220-133.ec2.internal",
      "PrivateIpAddress": "192.168.220.133",
      "PrivateIpAddresses": [
        {
          "Primary": true,
          "PrivateDnsName": "ip-192-168-220-133.ec2.internal",
          "PrivateIpAddress": "192.168.220.133"
        }
      ],
      "RequesterId": "230607XXXXXX",
      "RequesterManaged": true,
      "SourceDestCheck": true,
      "Status": "in-use",
      "SubnetId": "subnet-0bc15c5f1dXXXXXX",
      "TagSet": [],
      "VpcId": "vpc-08e55cbc5XXXXXX"
    }
  ]
}

Questions:

  1. What could the cause of this actually be?
  2. How can I detail NAT Gateway pricing?
  3. Is it possible to filter between non-free traffic and free traffic?
  4. Is there a way to determine the source of that ENI in AZ B?
  5. Could the public IP addresses be the cause?

Thanks in advance!

    I'm not seeing a programming question here. This probably isn't the correct site for the question. However, your server has to go through the NAT Gateway to access S3 because S3 is a service that exists outside of your VPC. You could prevent that network traffic from going through the NAT Gateway by creating an S3 endpoint in your VPC. docs.aws.amazon.com/vpc/latest/privatelink/… Commented Jan 18 at 14:01
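
An added example, not part of the original question or comment: one way to split the Redis node's flow-log traffic into in-VPC peers and external (public) peers, the latter being what leaves a private subnet through the NAT Gateway. The VPC CIDR, the function names and the sample records are assumptions constructed for illustration; only 192.168.138.51 and 192.168.220.133 come from the post.

```python
import ipaddress
from collections import defaultdict

# Assumption: the VPC CIDR is not given on the page; both private IPs there fall in this range.
VPC_CIDR = ipaddress.ip_network("192.168.0.0/16")
REDIS_IP = "192.168.138.51"  # Redis node address from the question

# Constructed sample records in the default VPC Flow Logs format (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOGS = """\
2 111122223333 eni-0aaa 192.168.138.51 192.168.220.133 44321 443 6 120 90000 1736900000 1736900060 ACCEPT OK
2 111122223333 eni-0aaa 192.168.220.133 192.168.138.51 443 44321 6 100 40000 1736900000 1736900060 ACCEPT OK
2 111122223333 eni-0aaa 192.168.138.51 203.0.113.10 50112 443 6 9000 750000000 1736900000 1736900060 ACCEPT OK
2 111122223333 eni-0aaa 203.0.113.10 192.168.138.51 443 50112 6 4000 300000 1736900000 1736900060 ACCEPT OK
2 111122223333 eni-0aaa 192.168.138.51 198.51.100.7 50200 443 6 10 2000 1736900000 1736900060 REJECT OK
2 111122223333 eni-0aaa - - - - - - - 1736900060 1736900120 - NODATA
"""

def summarize(log_text, host_ip=REDIS_IP, vpc=VPC_CIDR):
    """Sum accepted bytes per (scope, peer, direction) for one host."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) != 14 or f[13] != "OK" or f[12] != "ACCEPT":
            continue  # skip NODATA/SKIPDATA, rejected and malformed records
        src, dst, nbytes = f[3], f[4], int(f[9])
        if src == host_ip:
            peer, direction = dst, "out"
        elif dst == host_ip:
            peer, direction = src, "in"
        else:
            continue  # record does not involve the host of interest
        scope = "in_vpc" if ipaddress.ip_address(peer) in vpc else "external"
        totals[(scope, peer, direction)] += nbytes
    return dict(totals)

def bytes_by_scope(totals):
    """Collapse per-peer totals into one byte count per scope."""
    out = defaultdict(int)
    for (scope, _peer, _direction), n in totals.items():
        out[scope] += n
    return dict(out)

if __name__ == "__main__":
    totals = summarize(SAMPLE_FLOW_LOGS)
    for key, n in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(*key, n)
    print(bytes_by_scope(totals))
```

S3 destinations show up as external addresses in flow logs, so separating S3 traffic from other public peers means matching them against the published S3 IP ranges for the region.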
