Data Processing Fees: The Hidden Part of NAT Gateway Pricing

One of the most frequent questions we get is: “Does the NAT Gateway charge for data coming IN from the internet, or just data going OUT?”

The answer is: Both.

And it charges for both directions of the same request.

The “Processing” Definition

AWS defines the charge as “Data Processed.” Since the NAT Gateway has to translate the IP address for every packet that passes through it—whether it’s leaving your VPC or returning to it—you pay for every byte.

The Double Whammy Example

Let’s say your server downloads a 1GB file from an external API.

1. Request (Out): You send a tiny HTTP GET request (~1KB). -> Charged.
2. Response (In): The external server sends 1GB of data back. -> Charged.

Total processed: ~1.000001 GB. Cost: $0.045.

Compare this to Data Transfer

Data Transfer (the internet bandwidth fee) is usually only charged for Egress (Data Out). Data coming IN to AWS is free.

• Downloading 1GB file directly to Public Subnet: $0.00 (Free Data In).
• Downloading 1GB file via NAT Gateway: $0.045 (NAT Processing Fee).

This is why NAT Gateways are so dangerous for data-heavy applications. You turn “Free Data In” into “Paid Data Processing.”

[!IMPORTANT] Avoid the processing fee. If you are ingesting massive datasets (TB/PB) from the internet, try to place those workers in a Public Subnet so they don’t need a NAT Gateway. You will save thousands.

Not sure if you can move them? Model the cost difference on the NAT Gateway Cost Calculator.