Why is AWS egress so expensive?

AWS charges $0.09/GB for data leaving its network to the internet on the first 10TB/month. The fee exists because AWS designed the platform to keep data inside (compute and storage are cheap, leaving is expensive). For a normal SaaS this is fine. For a viral moment, a video upload site, or a public API serving large responses, it becomes the dominant line. CDN egress (CloudFront) is $0.085/GB and 1,000× faster — there's almost no reason to serve user traffic direct from origin.

How do I prevent a surprise AWS bill?

Three rules. (1) Set AWS Budgets with email alerts at 50%, 80%, 100% of expected bill. (2) Put ALL user-facing traffic through CloudFront — never serve large files direct from S3 or EC2. (3) Watch the NAT Gateway: $0.045/hour + $0.045/GB. Forgot a NAT Gateway running in a private subnet for 2 weeks? $200+ bill for nothing.

When do reserved instances actually save money?

When your compute is steady and predictable. 1-year RI gives ~30% off on-demand pricing for compute. If you're running 4 vCPUs 24/7 in production, RI saves $440/year on a $1,460 base. If your traffic is spiky and you autoscale frequently, RI commits to capacity you might not always need — savings disappear or invert. Rule of thumb: commit to your minimum baseline, leave the spike capacity on-demand.

$30/Month AWS Bill Becomes $480 the Week Your Side Project Goes Viral (the Egress Trap)

The Story Every Indie Hacker Has

You launched the side project on $30/month AWS — a t3.medium, an S3 bucket, maybe a small RDS. Numbers feel reasonable. Hacker News picks it up Friday afternoon. By Monday your bill alert goes off and you discover $480 of egress charges.

This is the canonical “egress trap.” Let’s run the math.

Normal week: $30/month

Service	Usage	Cost
1 vCPU compute	730 hours/mo	$30.40
S3 storage	20 GB	$0.46
Direct egress	30 GB/mo	$2.70
Monthly bill		$33.56

Your side project is sustainable. You’re proud. You ship features.

Viral week: 5,000 GB egress in 4 days

The Hacker News crowd lands. Each visitor downloads ~50MB of the demo video served direct from S3. You get 100,000 views before the front page falls off.

Service	Usage	Cost
1 vCPU compute	730 hours/mo	$30.40
S3 storage	20 GB	$0.46
Direct egress	5,030 GB/mo	$452.70
Monthly bill		$483.56

Egress went from 8% of the bill to 94% of the bill. The compute, storage, and code didn’t change — only one variable shifted, and your bill is 14× higher.

Why egress is the killer

Three things make egress the worst line:

It scales linearly with success. Compute scales with what you provision. Egress scales with what users do. Going viral means hitting the egress line hard with no warning.
The unit price is high relative to what users perceive. A user thinks “I downloaded a 50MB video.” You see “$0.0045 wire transferred to AWS.” Multiply by 100K and that’s real money.
Most developers don’t have alerts on it. AWS Budgets defaults to total spend; egress doesn’t have its own alert by default. By the time the bill arrives, the damage is done.

The CDN fix

CloudFront / Cloud CDN / Front Door egress is $0.085/GB for the first 10TB — slightly cheaper than direct egress. But the real win isn’t the per-GB price; it’s three structural advantages:

Aspect	Direct from origin	Through CDN
Per-GB price	$0.090	$0.085
Latency	100-300ms (single region)	5-50ms (edge)
Origin load	Every request hits your server	Cache hit ratio 80-95% on static assets
DDoS protection	Manual	Built-in
5,000 GB/month	$450	$425 + reduced compute (you serve 90% fewer requests)

For static assets — images, videos, JS bundles, CSS — there’s almost no reason to serve from origin. CloudFront’s free tier covers 1TB/month for the first year. After that the cost is similar but you’ve also reduced your origin load by 90%, meaning lower compute cost too.

The other surprise: NAT Gateway

We didn’t model this in the calculator because it’s situational, but it bites people often:

$0.045/hour fixed = $32.85/month per NAT Gateway, just running
$0.045/GB processed = matches direct egress

If you set up a private subnet (best practice) and put a NAT Gateway in front, then walk away for a weekend without traffic, you still pay $32.85 for the empty NAT. With traffic, the $0.045/GB processed compounds with regular egress to make every byte twice as expensive.

The fix: use NAT Instance (cheap EC2) for hobby workloads, or VPC endpoints for AWS-internal traffic.

What growing SaaS bills actually look like

We modeled three scale points to anchor expectations:

Scale	vCPU	Storage	Egress	DB	CDN	Monthly
Solo project (5 users)	1	20 GB	30 GB	None	50 GB	$37
Early SaaS (1K users)	2	100 GB	100 GB	50 GB	500 GB	$190
Growing SaaS (10K users)	4	500 GB	200 GB	100 GB	1,500 GB	$310
Heavy traffic SaaS (100K users)	16	2 TB	1 TB	500 GB	8 TB	$1,580

The pattern: cost grows roughly linearly with users, but only if you’ve moved egress to CDN. Without CDN, egress becomes super-linear with growth and dominates the bill.

When reserved instances pay off

A 4-vCPU production fleet running 24/7:

Strategy	Monthly compute	Annual
All on-demand	$121	$1,460
50% on 1-year RI	$103	$1,231
100% on 1-year RI	$85	$1,015
Savings (100% RI)	$36/mo	$444/yr

The trade-off: 1-year RI commits you to that capacity even if you scale down. Don’t commit 100% unless your traffic is genuinely steady. 50-70% commit + on-demand for spikes is the typical sweet spot.

For 16-vCPU production scale, the 50% commit saves $1,776/year — equivalent to a quarter of an indie hacker’s annual revenue at MRR $4-5K.

Where this calculator falls short

No NAT Gateway / Load Balancer / monitoring modeled. These can add 10-30% on real bills. Use AWS Cost Explorer post-launch to validate.
GCP/Azure pricing differs by 5-15%. We use AWS as baseline. The structural advice (move egress to CDN, RI for stable compute) applies identically.
Free tier not modeled. AWS free tier covers 750 hours/month of t2.micro for the first 12 months — enough to run a hobby project free. The calculator gives you the post-free-tier number.
Spot instances not modeled. 60-80% off on-demand for interruptible workloads. Useful for batch processing, ML training, dev environments. Rarely used by indie hackers because of complexity.

What to actually do

Run your specific stack through the calculator with realistic numbers, not aspirational ones.
Set AWS Budgets with email alerts at 50% / 80% / 100% of the expected monthly bill — before you launch.
Move all user-facing traffic through CDN. No exceptions for “static” or “small” — small files multiply.
Audit NAT Gateway monthly. It’s the most common $50-200 hidden line.
Commit RI when stable: once you’ve run the same compute fleet for 3+ months, 50% RI commit saves real money with no downside.

Open the Cloud Bill Estimator → and run your specific stack. The egress line is the one to scrutinize — it’s where every viral moment becomes an unexpected invoice.