Optimizing Network Traffic and Cost in AWS During Migration

Explore network traffic solutions to optimize and reduce cost while moving your workloads to AWS

Marin Frankovic
Amazon Employee
Published May 18, 2024
Migrating to Amazon Web Services (AWS) offers a plethora of benefits, including scalability, flexibility, and cost-effectiveness. However, if not properly managed, network traffic and associated costs can quickly escalate. This article will go into strategies for optimizing network traffic and minimizing network costs when transitioning to AWS.
Data transfer costs during migration come from several different sources. In this article we will dive into some of them and give best-practice recommendations for different scenarios.

Understanding AWS Network Costs

AWS charges for data transfer between different regions, Availability Zones (AZs), and out to the internet. Understanding these costs is crucial for effective optimization:
  • Data Transfer IN: Generally free.
  • Data Transfer OUT: Charged based on the destination (internet, different regions, or different AZs).
  • Inter-AZ Traffic: Charged at a lower rate but still contributes to overall costs.
  • Inter-Region Traffic: Typically, the most expensive.
AWS customers receive 100 GB of free data transfer out to the internet each month, aggregated across all AWS Services and Regions (except China and GovCloud). EU customers may request reduced data transfer rates for eligible use cases under the European Data Act. Please contact AWS Customer Support for more information.

Strategies for Optimizing Network Traffic and Cost

Let’s discuss some available strategies on how to optimize network costs and keep them under control.
Leverage AWS Direct Connect
AWS Direct Connect establishes a dedicated network connection from your premises to AWS. This offers several advantages:
  • Reduced Bandwidth Costs: Lower data transfer rates compared to public internet transfers.
  • Increased Bandwidth: More consistent and higher bandwidth options.
  • Enhanced Security: A private connection improves data security.
AWS Direct Connect
Transit Gateway
For complex architectures, AWS Transit Gateway enables you to connect VPCs and on-premises networks via a central hub, which can be more cost-effective for large-scale networks.
AWS Transit Gateway is a centralized routing service that simplifies and scales the connectivity between multiple VPCs and on-premises networks. It reduces network complexity by providing a single connection point and advanced routing capabilities, supporting multi-region peering and integrating with AWS security services. This service enhances network management, scalability, and cost efficiency for enterprises.
AWS Transit Gateway Hub and spoke
AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that provides on-premises applications with seamless integration to AWS cloud storage. It offers three types of gateways—File Gateway, Volume Gateway, and Tape Gateway—to cater to different use cases like file storage, block storage, and backup to virtual tapes. This service helps organizations extend their on-premises storage to the cloud, enabling efficient data backup, disaster recovery, and cloud data migration while maintaining low-latency access to frequently used data.
Pricing for the different types of gateways can be found on the pricing page (https://aws.amazon.com/storagegateway/pricing/).
AWS File Gateway
Best used in scenarios where you need to integrate on-premises applications with cloud storage while maintaining local access to data. Specific use cases include:
  • File Storage and Backup: Ideal for storing and backing up file-based data to Amazon S3, enabling scalable, durable, and cost-effective storage for files used by on-premises applications.
  • Hybrid Cloud Workloads: Suitable for environments where you have applications that require low-latency access to data stored in the cloud, such as content management systems, media workflows, and data analytics.
  • Disaster Recovery: Facilitates offsite backups and disaster recovery by seamlessly replicating data to AWS, ensuring that data is protected and can be easily recovered in the event of a local failure.
  • Data Migration: Useful for migrating existing file-based data to the cloud, providing a seamless way to transfer large amounts of data without disrupting ongoing operations.
  • Cloud Bursting: Supports scenarios where you temporarily need additional processing capacity in the cloud while keeping the primary data storage on-premises, allowing for efficient scaling during peak workloads.
By using AWS File Gateway, organizations can leverage the scalability and durability of AWS cloud storage while maintaining the performance and low-latency access required by on-premises applications.
AWS Volume Gateway
Best used in scenarios where you need to extend your on-premises block storage to the AWS cloud, providing seamless integration for backup, disaster recovery, and data migration. Specific use cases include:
  • Backup and Restore: Volume Gateway is ideal for creating consistent backups of on-premises data to AWS. It allows you to store snapshots in Amazon S3 and create Amazon EBS volumes from these snapshots for restoration.
  • Disaster Recovery: It provides a robust solution for disaster recovery by replicating your on-premises volumes to the AWS cloud, ensuring that you can quickly restore your data and applications in case of an on-premises failure.
  • Data Migration: Useful for migrating block storage data to the cloud, allowing you to transition existing workloads to AWS without downtime. Volume Gateway can move data gradually to minimize disruption.
  • Hybrid Cloud Storage: Suitable for scenarios where you need low-latency access to frequently used data on-premises while leveraging the cloud for cost-effective, scalable storage of less frequently accessed data.
  • Development and Testing: Facilitates the creation of consistent environments for development and testing by allowing you to use cloud-based snapshots of on-premises volumes, ensuring that testing environments closely match production.
Using AWS Volume Gateway helps organizations maintain the performance of on-premises applications while benefiting from the scalability, durability, and cost-effectiveness of cloud storage.
AWS Tape Gateway
Best used in scenarios where you need to transition from physical tape-based backup and archive systems to a more scalable, cost-effective, and durable cloud-based solution. Specific use cases include:
  • Tape Backup Replacement: Ideal for organizations looking to replace their physical tape infrastructure with a virtual tape library that integrates with existing backup software, reducing the complexity and cost associated with managing physical tapes.
  • Archiving: Suitable for long-term data archiving needs, where data needs to be retained for compliance or regulatory reasons. Tape Gateway stores virtual tapes in Amazon S3 and can transition them to Amazon S3 Glacier or S3 Glacier Deep Archive for cost-effective, long-term storage.
  • Disaster Recovery: Provides a robust disaster recovery solution by securely storing virtual tape backups in the cloud, ensuring that data can be quickly and reliably restored in case of an on-premises failure.
  • Offsite Data Storage: Facilitates offsite storage requirements by securely and efficiently transferring virtual tape backups to AWS, eliminating the need to physically transport tapes to an offsite location.
  • Data Migration: Useful for migrating existing tape archives to the cloud, allowing organizations to consolidate their backup data in AWS and simplify data management.
By using AWS Tape Gateway, organizations can modernize their backup and archiving processes, improve data durability and accessibility, and reduce the costs and operational overhead associated with physical tape systems.
AWS DataSync
AWS DataSync is a managed service designed to simplify and automate the transfer of data between on-premises storage systems and AWS storage services. It is ideal for use cases that require large-scale data transfers, such as migration, ongoing data replication, and backup operations.
Key features and benefits of AWS DataSync include:
  • Automated Data Transfer: DataSync automates the movement of data, handling tasks such as scheduling, monitoring, and data integrity verification, which reduces manual effort and potential for errors.
  • High Performance: It uses a purpose-built protocol to accelerate data transfer, enabling speeds up to 10 times faster than traditional open-source tools.
  • Versatility: DataSync supports a variety of data sources and destinations, including on-premises storage systems, AWS services like Amazon S3, Amazon EFS, and Amazon FSx for Windows File Server.
  • Security: The service ensures secure data transfer by using encryption in transit and at rest. It also integrates with AWS Identity and Access Management (IAM) for fine-grained access control.
  • Scalability: It handles large-scale data transfer tasks, whether for one-time migrations or continuous data replication, and scales to meet high data volume and throughput requirements.
  • Cost-Effective: DataSync reduces the total cost of ownership by eliminating the need for custom scripts, manual processes, and physical storage transport.
  • Monitoring and Reporting: It provides detailed monitoring and logging through Amazon CloudWatch, allowing you to track the progress of your data transfers and troubleshoot issues efficiently.
AWS DataSync is particularly useful for migrating data to the cloud, synchronizing data across different environments, and setting up hybrid cloud storage solutions where data needs to be consistently updated and accessible in both on-premises and AWS environments.
Pricing details can be found here (https://aws.amazon.com/datasync/pricing/).
AWS Transfer Family
AWS Transfer Family is a fully managed service that enables you to transfer files into and out of Amazon S3 or Amazon EFS using Secure File Transfer Protocol (SFTP), File Transfer Protocol over SSL (FTPS), and File Transfer Protocol (FTP). It is designed to provide a seamless and secure way to integrate existing file transfer workflows with AWS storage services.
AWS Transfer Family (SFTP/FTPS/FTP)
Key features and benefits of AWS Transfer Family include:
  • Protocol Support: Supports SFTP, FTPS, and FTP, allowing you to migrate and modernize legacy file transfer workflows without needing to rewrite or reconfigure existing applications.
  • Integration with AWS Storage Services: Directly integrates with Amazon S3 and Amazon EFS, enabling efficient and secure data transfers to and from these storage services.
  • Security: Offers robust security features, including encryption in transit using Secure Shell (SSH) and Transport Layer Security (TLS), integration with AWS Identity and Access Management (IAM), and support for Amazon VPC for network isolation.
  • Scalability and Reliability: Provides high availability and scales automatically to accommodate varying file transfer workloads, ensuring reliable performance and uptime.
  • Managed Service: As a fully managed service, AWS Transfer Family reduces operational overhead by handling infrastructure management, including server maintenance, patching, and scaling.
  • Audit and Compliance: Integrates with AWS CloudTrail and Amazon CloudWatch, allowing you to monitor and log file transfer activities for audit and compliance purposes.
  • Ease of Use: Simplifies the setup and management of file transfer workflows through the AWS Management Console, AWS CLI, and SDKs, making it easy to configure endpoints, user access, and permissions.
  • Custom Identity Providers: Supports custom identity providers for user authentication, allowing integration with existing directory services such as LDAP or Active Directory.
AWS Transfer Family is particularly useful for organizations that need to transfer large volumes of files securely, maintain compliance with data transfer protocols, and integrate their file transfer processes with cloud storage solutions like Amazon S3 and Amazon EFS.
AWS Transfer Family pricing can be found here (https://aws.amazon.com/aws-transfer-family/pricing/).
AWS Snow Family
The AWS Snow Family consists of several purpose-built devices and services designed to facilitate data transfer, edge computing, and storage in challenging environments where traditional cloud connectivity may be limited or impractical.
Here are the key components of the AWS Snow Family:
  • AWS Snowcone: The smallest and most portable member of the Snow Family, Snowcone is a rugged and lightweight device designed for edge computing, data transfer, and storage in remote or harsh environments.
  • AWS Snowball: Snowball is a petabyte-scale data transfer device that allows you to securely transfer large amounts of data to and from AWS. It is available in two variants: Snowball Edge, which includes compute capabilities for edge computing workloads, and Snowball, which focuses solely on data transfer.
  • AWS Snowmobile: Snowmobile is an exabyte-scale data transfer service that enables you to transfer extremely large datasets (up to 100 petabytes) to AWS securely. It involves a ruggedized shipping container with a high-capacity data storage and transfer system that is transported to your data center for data migration.
  • AWS Snowcone Edge Computing Optimized: This variant of Snowcone is specifically optimized for edge computing workloads, providing additional compute and storage capabilities to run applications and process data at the edge.
Snow Family feature comparison matrix
Each device in the AWS Snow Family is designed to address different use cases and requirements related to data transfer, storage, and edge computing, offering flexibility and scalability for organizations with diverse infrastructure needs. These devices help bridge the gap between on-premises environments and the cloud, enabling seamless data migration and processing in various scenarios, including remote locations, industrial settings, and mobile deployments.
Pricing information can be found here (https://docs.aws.amazon.com/whitepapers/latest/how-aws-pricing-works/aws-snow-family.html).

Monitor and Analyze Network Traffic

To monitor and analyze network traffic in AWS, you can utilize several native AWS services as well as third-party tools. Here's a general approach:
  • Amazon VPC Flow Logs: Enable VPC Flow Logs for your Virtual Private Clouds (VPCs). VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC. You can analyze these logs using Amazon CloudWatch Logs, CloudWatch Logs Insights, or export them to Amazon S3 for further analysis using tools like Amazon Athena or Amazon Elasticsearch Service.
  • Amazon CloudWatch: Use CloudWatch to monitor metrics related to your AWS resources, including network-related metrics such as network traffic, bandwidth, and latency. You can create custom dashboards to visualize these metrics and set up alarms to get notified about any abnormal network behavior.
  • Amazon VPC Traffic Mirroring: Utilize VPC Traffic Mirroring to capture and inspect network traffic in your VPC. You can mirror traffic from specific EC2 instances to monitoring appliances or third-party tools for in-depth analysis.
  • Third-Party Tools: Consider using third-party network monitoring and analysis tools that integrate with AWS. These tools offer advanced features for network traffic analysis, packet inspection, anomaly detection, and threat detection. Examples include Datadog, Splunk, Wireshark, and Tenable.
  • Amazon VPC Traffic Mirroring with Amazon Inspector: Integrate VPC Traffic Mirroring with Amazon Inspector to perform network packet analysis and security assessments. Amazon Inspector can analyze mirrored traffic to identify vulnerabilities, compliance violations, and security risks in your EC2 instances.
By combining these AWS services and third-party tools, you can effectively monitor and analyze network traffic in your AWS environment to identify performance issues, security threats, and compliance violations.
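As an added illustration of the flow-log analysis described above (not code from the original article): a parser for the default version 2 VPC Flow Logs record format that totals bytes leaving the VPC per external destination, totals intra-VPC bytes, and lists rejected connection attempts. The sample records, the 10.0.0.0/16 VPC CIDR and the function names are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (documentation IP ranges, placeholder account ID).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.15 198.51.100.7 49152 443 6 120 9000000 1716000000 1716000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 10.0.2.20 49153 5432 6 40 250000 1716000000 1716000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.15 51000 22 6 3 180 1716000000 1716000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.15 198.51.100.7 49154 443 6 80 6000000 1716000060 1716000120 ACCEPT OK
2 123456789012 eni-0e5f6a7b - - - - - - - 1716000000 1716000060 - NODATA
"""


def parse(line):
    """Return one record as a dict, or None if it is malformed or has no data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA/SKIPDATA rows hold "-" placeholders
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def summarize(text, vpc_cidr="10.0.0.0/16"):
    """Split traffic into VPC egress, intra-VPC bytes and rejected flows."""
    vpc = ipaddress.ip_network(vpc_cidr)  # assumed VPC range for this example
    egress = defaultdict(int)  # bytes sent out of the VPC, per destination
    internal_bytes = 0
    rejected = []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src_in = ipaddress.ip_address(rec["srcaddr"]) in vpc
        dst_in = ipaddress.ip_address(rec["dstaddr"]) in vpc
        if rec["action"] == "REJECT":
            rejected.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
        elif src_in and not dst_in:  # outbound: the charged direction
            egress[rec["dstaddr"]] += rec["bytes"]
        elif src_in and dst_in:
            internal_bytes += rec["bytes"]
        # accepted inbound traffic is ignored: data transfer in is generally free
    return {"egress": dict(egress), "internal_bytes": internal_bytes,
            "rejected": rejected}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Sorting the `egress` totals shows which external destinations account for most outbound bytes during a migration, while the `rejected` list surfaces blocked connection attempts for security review.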


Optimizing network traffic and costs during your migration to AWS involves a combination of strategic planning, leveraging AWS services, and continual monitoring. By understanding the pricing structure and implementing these best practices, you can ensure a cost-effective and efficient migration to the cloud.
Embrace these strategies to not only cut down on expenses but also to enhance the performance and security of your applications and services on AWS.


Marin Frankovic (LinkedIn: https://www.linkedin.com/in/frankovic/)
With nearly two decades of hands-on experience in the IT industry, Marin is a seasoned Senior Solutions Architect at AWS, specializing in crafting and executing innovative cloud migration strategies. My proficiency spans AWS, Microsoft, and open-source technologies, enabling me to design and implement robust architecture solutions for diverse sectors. I am an AWS and Microsoft certified architect, dedicated to sharing knowledge and skills, contributing to publications and empowering others in virtualization and cloud computing.

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.