The egress trap: what it actually costs to leave the cloud
AWS at $0.09/GB, GCP at $0.12/GB, Hetzner at EUR 1/TB. A 100 TB egress month costs $9000 on AWS and EUR 80 on Hetzner. Why the difference exists and how to model it.
The single biggest cost surprise on a cloud migration is egress. Compute prices vary by 2-3x between providers; egress prices vary by 2 to 3 orders of magnitude.
Run the math for 100 TB of monthly egress to the internet, the kind of volume a mid-size SaaS or a public-facing API might do:
| Provider | Headline rate | 100 TB cost |
|---|---|---|
| AWS (after first 100 GB free) | $0.09/GB tiered down to $0.05/GB above 150 TB | ~$8,200 |
| GCP (standard tier) | $0.12/GB first TB, $0.11 next 9 TB, $0.08 to 150 TB | ~$8,700 |
| Azure | $0.087/GB after first 100 GB | ~$8,000 |
| Linode | $0.005/GB after free allocation | ~$500 |
| DigitalOcean | $0.01/GB after free allocation | ~$1,000 |
| Vultr | $0.01/GB after free allocation | ~$1,000 |
| Hetzner | EUR 1/TB after 20 TB included per VM | ~EUR 80 |
The hyperscalers are 80-100x more expensive than Hetzner for egress. There is no architectural reason for this — it's pure margin extraction, enabled by the fact that egress is the stickiest thing in cloud. Once your data lives in S3, moving it out at $0.09/GB is the disincentive.
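To make the table's arithmetic reproducible, here is an added example (not the cloudprice calculator's code) that bills each slice of traffic at its own tier, using the GCP standard tiers and Hetzner's included allowance as listed above. It also shows how far a headline-rate estimate drifts from a tiered bill. Assumptions: 1 TB = 1000 GB, a single Hetzner VM by default, hypothetical function names; the GCP result lands near the table's rounded figure rather than on it.

```python
# Added example: marginal (tiered) egress pricing using only rates quoted on this page.
# Assumptions: 1 TB = 1000 GB; function and parameter names are hypothetical.
GB_PER_TB = 1000

# (tier ceiling in GB, USD per GB): GCP standard tier as listed in the table.
GCP_STANDARD_USD = [
    (1 * GB_PER_TB, 0.12),    # first TB
    (10 * GB_PER_TB, 0.11),   # next 9 TB
    (150 * GB_PER_TB, 0.08),  # up to 150 TB
]


def tiered_cost(gb, tiers):
    """Charge each slice of traffic at the rate of the tier it falls in."""
    if gb < 0:
        raise ValueError("volume must be non-negative")
    if gb > tiers[-1][0]:
        raise ValueError("volume exceeds the last tier quoted on the page")
    cost, floor = 0.0, 0
    for ceiling, rate in tiers:
        if gb <= floor:
            break
        cost += (min(gb, ceiling) - floor) * rate
        floor = ceiling
    return round(cost, 2)


def hetzner_eur(gb, vms=1):
    """EUR 1/TB after 20 TB included per VM: nothing is billed inside the allowance."""
    billable_gb = max(0, gb - 20 * GB_PER_TB * vms)
    return round(billable_gb / GB_PER_TB * 1.0, 2)


def headline_rate_cost(gb, tiers):
    """Modelling shortcut: bill all traffic at the first tier's rate (overestimates)."""
    return round(gb * tiers[0][1], 2)


if __name__ == "__main__":
    for tb in (1, 10, 100, 150):
        gb = tb * GB_PER_TB
        print(f"{tb:>4} TB  GCP ${tiered_cost(gb, GCP_STANDARD_USD):>10,.2f}"
              f"  headline-rate ${headline_rate_cost(gb, GCP_STANDARD_USD):>10,.2f}"
              f"  Hetzner EUR {hetzner_eur(gb):>7,.2f}")
```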
Why is hyperscaler egress so expensive?
Hetzner pays approximately EUR 0.30-0.50 per Mbit/s/month for transit at scale, which works out to about EUR 0.10-0.20 per TB at 90% utilisation. They charge customers EUR 1/TB. That's a 5-10x markup, which is normal for any wholesale-to-retail business.
AWS at $0.09/GB is $90/TB. That's a 200-500x markup over wholesale. The egress price is not a cost-recovery price — it's a switching-cost price. The same reasoning explains why intra-AWS S3-to-EC2 in the same region is free (encourages you to keep data on AWS) but EC2-to-internet is $0.09/GB.
The realistic egress profile of common workloads
- Internal API serving an app: 1-5 TB/month per million MAU. AWS cost: $90-450/month per million MAU.
- Image-heavy site without a CDN: 20-50 TB/month for a moderately busy site. AWS cost: $1,800-4,000/month.
- Video streaming, even short-form: 100-500 TB/month easily. AWS cost: $9,000-40,000/month.
- Public download mirror, package registry: Often 1+ PB/month. Infeasible on AWS without a CDN.
- Backup target receiving data: Free (ingress).
- Database replication to a DR region: Can be massive — easily 10+ TB/month for an active OLTP system. Cross-region egress is $0.02/GB on AWS, so $200/TB.
Mitigation strategies that actually work
1. Put a CDN in front of everything public
CloudFront is $0.085/GB in the cheap regions, but the AWS-to-CloudFront connection is free. So serving via CloudFront cuts your egress bill in half versus serving directly from EC2 or S3. Cloudflare bandwidth is effectively free at any volume — they cap it via fair-use only at massive scale. For static assets and images, Cloudflare is a strictly better choice than CloudFront.
2. Use Direct Connect / ExpressRoute for office and DC traffic
AWS Direct Connect bandwidth is $0.02/GB outbound, versus $0.09/GB over the internet. If you have offices or DCs that pull large data sets from AWS, the math pays back in months.
3. Use VPC gateway endpoints for S3 and DynamoDB
Free. Eliminates NAT data processing charges and ensures traffic doesn't egress through NAT.
4. Architect for data locality
If 80% of your users are in one region, putting the entire application in that region (rather than active-active across continents) eliminates a huge slice of inter-region egress. Replicate only the cold backup data, not the live traffic.
5. Move bandwidth-heavy components off the hyperscaler
The classic pattern: keep the database and ML pipeline on AWS for the managed services, but move the public-facing static asset hosting to Hetzner, DigitalOcean, or Cloudflare R2. R2 in particular has zero egress fees — it's a direct shot at S3's economics.
The hidden egress: AZ-to-AZ
Often forgotten: AZ-to-AZ traffic on AWS is $0.01/GB each way. A Kubernetes cluster with 50 nodes spread across 3 AZs, with a chatty service mesh, can easily push 5-10 TB/month of cross-AZ traffic. That's $50-100/month per direction, $100-200/month total. Most teams have never even looked at this line.
The egress calculator
The cloudprice TCO calculator includes egress as a first-class input — drop in your expected GB/month and compare side by side. For a single workload comparison head to AWS vs Hetzner and tune the egress slider — the crossover point where Hetzner stops being >5x cheaper than AWS is roughly never.
External reading: Cloudflare's "AWS's egregious egress" piece remains the best rant on the topic, and the AWS free-egress-on-exit policy is what they begrudgingly added when regulators started circling.