I'm working to cut down on our data transfer costs at my organization. Currently, we have a centralized egress setup with three NAT gateways (one for each availability zone) in our Networking account. Each of our other accounts connects to this setup via a transit gateway for outbound traffic.
We're currently seeing a monthly usage of 80 TB, and as we grow, that number is likely to go up. I'm wondering if switching to a self-hosted NAT instance is a smart move or if I could run into unexpected limitations. Could this be a cost-effective solution?
5 Answers
Given your heavy usage, moving to your own NAT gateway could be worthwhile. Alternatively, consider using egress-only Internet Gateways if you're on IPv6 (they're free!). Or, if most of your traffic is to AWS services, think about using services like S3 gateway endpoints to streamline it. In my opinion, unless you're pushing near 80 TB, I'd likely stick with the managed NAT.
One concern might be reaching the packet per second (PPS) limit on your instance. The throughput should be fine, but to test it out, spin up an EC2 next to your NAT gateway, switch the routing, and monitor how it performs. If things go downhill, you can just revert the change!
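One way to tell whether the test instance is actually hitting the PPS limit rather than just looking slow, as an added example not taken from the answer above: on an instance using the ENA driver, `ethtool -S <iface>` exposes `*_allowance_exceeded` counters that advance every time the instance exceeds its PPS, bandwidth or connection-tracking allowance. The script below compares two snapshots of that output (the sample snapshots are constructed, not captured from a real instance).

```sh
#!/bin/sh
# Assumption: the NAT instance uses the ENA driver, which exposes these
# per-allowance counters in `ethtool -S`. Each counter increments when
# traffic was dropped or queued because that allowance was exceeded.
ALLOWANCE_COUNTERS="bw_in_allowance_exceeded bw_out_allowance_exceeded \
pps_allowance_exceeded conntrack_allowance_exceeded linklocal_allowance_exceeded"

# Print the value of one counter from ethtool -S style text on stdin.
counter_value() { # $1 = counter name
    awk -v name="$1" '$1 == name ":" { print $2; exit }'
}

# Compare two snapshot files; print every counter that advanced.
# Returns 1 if any allowance was exceeded between the snapshots, else 0.
check_allowance() { # $1 = before snapshot, $2 = after snapshot
    hit=0
    for c in $ALLOWANCE_COUNTERS; do
        before=$(counter_value "$c" < "$1"); after=$(counter_value "$c" < "$2")
        [ -z "$before" ] && before=0
        [ -z "$after" ] && after=0
        if [ "$after" -gt "$before" ]; then
            echo "$c advanced by $((after - before)): instance exceeded this ENA allowance"
            hit=1
        fi
    done
    return $hit
}

# Constructed sample snapshots in the format ethtool -S prints (not real data).
SAMPLE_BEFORE=$(mktemp); SAMPLE_AFTER=$(mktemp)
printf 'NIC statistics:\n     tx_timeout: 0\n     pps_allowance_exceeded: 0\n' > "$SAMPLE_BEFORE"
printf '     bw_out_allowance_exceeded: 0\n     conntrack_allowance_exceeded: 3\n' >> "$SAMPLE_BEFORE"
printf 'NIC statistics:\n     tx_timeout: 0\n     pps_allowance_exceeded: 17\n' > "$SAMPLE_AFTER"
printf '     bw_out_allowance_exceeded: 0\n     conntrack_allowance_exceeded: 3\n' >> "$SAMPLE_AFTER"

# Only reports pps_allowance_exceeded, since that is the one counter that moved.
check_allowance "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

On a live NAT instance, take the snapshots around the routing change (`ethtool -S eth0 > before; sleep 60; ethtool -S eth0 > after`) and run `check_allowance before after`; a non-zero exit means the instance type, not the routing, is the bottleneck.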
Using your own NAT instance can definitely work, especially if you're looking to save costs. It's a common setup. Just keep in mind that your experience can vary based on several factors, so it really depends on your specific circumstances. Check out fck-nat.dev for some insights!
Oh, by the way, 'fck' stands for Flexible Connection Keeper, just in case you were wondering!
Thanks for the suggestion!
Just a heads up, even with your own NAT, you'll still incur traffic costs. You’ll save on the NAT gateway fees, but keep in mind that the managed NAT has its own egress costs (like 5 cents per GB processed) that would still apply.
But remember, a single EC2 instance won't match the redundancy and scalability of a NAT Gateway across three AZs. If you're growing, you might hit that limit down the line.