What's NewCloudZero Academy
Guides
CloudZero Status
Start typing to search…

Excessive EC2 Cross-Region Data Transfer

Suggest Edit

This recommendation identifies AWS accounts where EC2 cross-region data transfer costs exceed 10% of total EC2 data transfer costs. Cross-region data transfer occurs when EC2 instances in one region communicate with resources in another region, incurring per-GB charges that are significantly higher than same-region transfers. These costs often indicate architectural inefficiencies.

Cost Impact

Estimated savings: 75% reduction by architecting to keep data within the same region.

Cross-region data transfer is charged per GB, while same-region transfers within an availability zone are free. By consolidating resources within a single region or deploying complete regional stacks, most cross-region costs can be eliminated.

Why This Matters

  • High Cost: Cross-region transfers are significantly more expensive than same-region transfers
  • Performance: Added latency between regions impacts application response times
  • Architectural Issues: Services and data not co-located
  • Hidden Costs: Compute overhead, replication delays, retry logic

Common Causes

  • Multi-region without purpose: HA deployed but never used
  • Legacy migration artifacts: Partial migration between regions
  • Centralized data stores: Single database/cache serving multiple regions
  • VPC peering misuse: Cross-region peering for convenience
  • Backup/DR traffic: Continuous replication instead of snapshots

How to Remediate

Step 1: Identify Traffic Sources

Use VPC Flow Logs or Cost Explorer (filter by DataTransfer-Regional-Bytes) to identify which resources are generating cross-region traffic.

Step 2: Fix Common Patterns

Application and Database Split:

  • Incorrect: App in us-east-1 communicating with RDS in us-west-2
  • Correct: App in us-east-1 communicating with RDS in us-east-1

Centralized Services:

  • Incorrect: Services in multiple regions connecting to single Redis in us-east-1
  • Correct: Each region has its own Redis instance

Cross-Region Microservices:

  • Incorrect: Service A in us-east-1 calling Service B in us-west-2
  • Correct: Both services in same region, or both deployed in each region

Step 3: Choose Architecture Strategy

Option A: Single-Region (Simplest)

  • Deploy all resources in one region
  • Best for most applications

Option B: True Multi-Region (For HA/DR)

  • Deploy complete independent stacks in each region
  • Use Route53 geo-routing
  • NO cross-region traffic during normal operation

Option C: Active-Passive DR (Lower cost)

  • Primary region with hot data
  • Standby region with snapshots only
  • Failover only in disasters

Step 4: Use VPC Endpoints

Replace cross-region AWS service calls with VPC endpoints and regional buckets.

Step 5: Optimize Required Cross-Region Traffic

If cross-region is unavoidable:

  • Use AWS PrivateLink (lower cost)
  • Batch transfers instead of real-time streaming
  • Compress data before transfer

Step 6: Monitor

Set up CloudWatch alarms for DataTransfer-Regional-Bytes to catch regressions.

When Cross-Region is Acceptable

  • Disaster recovery snapshots (periodic, not continuous)
  • CloudFront with regional origins
  • Regulatory compliance requirements
  • True global applications with regional data isolation

Prevention Strategies

  • Enforce regional deployment patterns in IaC
  • Use security groups to block unexpected cross-region traffic
  • Tag resources with region and monitor spending
  • Review architecture for new deployments

Updated about 3 hours ago