This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
Cost
Definition
In the cloud, the cost of hybrid connectivity includes the cost of provisioned resources and usage. Cost of provisioned resources is measured in units of time, usually hourly. Usage is for data transfer and processing, usually measured in gigabytes (GB). Other costs include the cost of connectivity to the AWS network point of presence. If your network is within the same colocation facility, it might be as little as the cost of a cross connect. If your network is in a different location, there will be service provider or APN Direct Connect partner costs involved.
Key questions
- How much data do you anticipate sending into AWS per month from your facility and from the internet?
- How much data do you anticipate sending from AWS per month to your facility and to the internet?
- How often will these amounts change?
- What changes in a failure scenario?
Capabilities to consider
If you have bandwidth-heavy workloads that you wish to run on AWS, AWS Direct Connect can reduce your network costs into and out of AWS in two ways. First, by transferring data to and from AWS directly, you can reduce your bandwidth costs paid to your internet service provider. Second, all data transferred over your dedicated connection is charged at the reduced AWS Direct Connect data transfer rate, rather than internet data transfer rates – see the Direct Connect pricing page.
AWS Direct Connect allows the use of AWS Direct Connect SiteLink to interconnect your sites using the AWS backbone – see the SiteLink launch blog.
If you are using a network service provider for connectivity between on-premises and a Direct Connect location, your ability and the time needed to change your bandwidth commitments is based on your contract with the service provider.
The AWS backbone can deliver your traffic to any AWS Region except China from any AWS network point of presence. This capability has many technical benefits over using the internet to access remote AWS Regions, but has a cost – see the EC2 Data Transfer pricing page.
Optimal application design keeps data processing within AWS and minimizes unnecessary data egress charges. Data ingress to AWS is free.
Note
As part of the overall connectivity solution, in addition to the AWS connection cost, you should also consider the cost of the end-to-end connectivity, including service provider cost, cross connects, racks, and equipment within the DX location (if required).
If you are not sure whether you should use the internet or a private connection, calculate a breakeven point where AWS Direct Connect becomes less expensive than using the internet. If the volume of data means that AWS Direct Connect is less expensive, and you require permanent connectivity, AWS Direct Connect is the optimal connectivity choice.
If the connectivity is temporary and the internet meets other requirements, it can be cheaper to use AWS S2S VPN over the internet due to the elasticity of the internet. Note this requires that you have sufficient internet connectivity from your on-premises network.
If you are within a facility which has AWS Direct Connect (the list is available on the Direct Connect website
With AWS Transit Gateway, you can share your VPN and Direct Connect connections with many VPCs. While you are charged for the number of connections that you make to the AWS Transit Gateway per hour and the amount of traffic that flows through AWS Transit Gateway, it simplifies management and reduces the number of VPN connections and VIFs required. The benefits and cost savings of lower operational overhead can easily outweigh the additional cost of data processing.
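As an added worked example (not from the whitepaper), the breakeven calculation described above, extended with the optional Transit Gateway attachment and data processing charges from the preceding paragraph. All rates are constructed placeholders rather than AWS list prices, and HOURS_PER_MONTH, CostInputs and the function names are this example's own.

```python
from dataclasses import dataclass
from typing import Optional

HOURS_PER_MONTH = 730  # average hours per month, used for hourly port and attachment charges

@dataclass
class CostInputs:
    # Every rate here is a constructed placeholder for illustration, not an AWS list price.
    internet_egress_per_gb: float   # internet data transfer-out rate (AWS or ISP) per GB
    dx_egress_per_gb: float         # AWS Direct Connect data transfer-out rate per GB
    dx_port_per_hour: float         # hourly charge for the dedicated or hosted DX port
    dx_fixed_per_month: float       # cross connect, provider circuit, rack/equipment at the DX location
    tgw_attachment_per_hour: float  # AWS Transit Gateway attachment hourly charge
    tgw_processing_per_gb: float    # AWS Transit Gateway data processing per GB

def internet_monthly_cost(egress_gb: float, c: CostInputs) -> float:
    # Data ingress to AWS is free, so only the GB leaving AWS are billed.
    return egress_gb * c.internet_egress_per_gb

def dx_monthly_cost(egress_gb: float, ingress_gb: float, c: CostInputs,
                    tgw_in_path: bool = False) -> float:
    cost = c.dx_port_per_hour * HOURS_PER_MONTH + c.dx_fixed_per_month
    cost += egress_gb * c.dx_egress_per_gb          # ingress over DX is free as well
    if tgw_in_path:
        # Transit Gateway bills the attachment hourly and processes traffic in both directions.
        cost += c.tgw_attachment_per_hour * HOURS_PER_MONTH
        cost += (egress_gb + ingress_gb) * c.tgw_processing_per_gb
    return cost

def breakeven_egress_gb(ingress_gb: float, c: CostInputs,
                        tgw_in_path: bool = False) -> Optional[float]:
    """Monthly egress volume (GB) at which Direct Connect costs the same as the internet path;
    None when the per-GB saving is zero or negative, so Direct Connect never gets cheaper."""
    fixed = c.dx_port_per_hour * HOURS_PER_MONTH + c.dx_fixed_per_month
    per_gb_saving = c.internet_egress_per_gb - c.dx_egress_per_gb
    if tgw_in_path:
        fixed += c.tgw_attachment_per_hour * HOURS_PER_MONTH
        fixed += ingress_gb * c.tgw_processing_per_gb   # ingress processing does not scale with egress
        per_gb_saving -= c.tgw_processing_per_gb        # egress processing erodes the per-GB saving
    if per_gb_saving <= 0:
        return None
    return fixed / per_gb_saving

if __name__ == "__main__":
    rates = CostInputs(0.09, 0.02, 0.30, 300.0, 0.05, 0.02)  # constructed placeholder rates
    for tgw in (False, True):
        be = breakeven_egress_gb(ingress_gb=1000.0, c=rates, tgw_in_path=tgw)
        print(f"TGW in path={tgw}: Direct Connect cheaper above {be:,.0f} GB egress/month")
```

The internet baseline is plain internet egress with no Transit Gateway; put the same per-attachment and per-GB terms on both sides if your VPN design also passes through a Transit Gateway.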
Optionally, you can consider a design where AWS Transit Gateway is in the traffic path to most VPCs, but not all. This approach avoids the AWS Transit Gateway data processing fees for use cases where you need to transfer large amounts of data into AWS. Refer to the Connectivity Models section for further details on this design. Another approach is to combine AWS Direct Connect as a primary path with AWS S2S VPN over the internet as backup/failover path. While technically feasible and very cost effective, this solution has technical downsides (discussed in the Reliability section of this whitepaper) and can be more difficult to manage. AWS doesn't recommend this for highly critical or critical workloads.
The final approach is a customer-managed VPN or SD-WAN deployed in Amazon EC2 instance(s). This can be cheaper at scale if there are tens to hundreds of sites when compared to AWS S2S VPN. However, there is management overhead, licensing costs, and EC2 resource cost for each virtual appliance to consider.
Decision matrix
Table 3 – Example Corp. Automotive connectivity design inputs
Category | Customer-managed VPN or SD-WAN | AWS S2S VPN | AWS Accelerated S2S VPN | AWS Direct Connect Hosted Connection | AWS Direct Connect Dedicated Connection |
---|---|---|---|---|---|
Requires internet connection | Yes | Yes | Yes | No | No |
Provisioned resources cost | EC2 instance and software licensing | AWS S2S VPN | AWS S2S VPN | Applicable capacity slice of port cost | Dedicated port cost |
Data transfer cost | Internet rate | Internet rate or Direct Connect rate | Internet with data transfer premium | Direct Connect rate | Direct Connect rate |
Transit Gateway | Optional | Optional | Required | Optional | Optional |
AWS Data processing cost | N/A | Only with AWS Transit Gateway | Yes | Only with AWS Transit Gateway | Only with AWS Transit Gateway |
Can be used over AWS Direct Connect? | Yes | Yes | No | N/A | N/A |