AWS NAT Gateway Bill Shock: What to Check First
Short answer: NAT Gateway bill shock usually means private subnet traffic is taking an expensive path. Start by finding which workload, route table, availability zone, or transfer pattern created the processed-data spike.
- Fix the traffic path before treating the whole AWS account as the problem.
- Verify current provider pricing directly before buying or migrating.
Placement quiz: pressure-test this workload
Uses workload type, budget, GPU need, data movement, priority, and ops tolerance.
- NAT Gateway charges jumped month over month.
- Private workloads are pulling packages, logs, images, or external APIs through NAT.
- The team is considering migration before explaining the line item.
Quick checks
- Compare this month to the last normal month by service and region.
- Identify the route tables and subnets using the NAT Gateway.
- Check for cross-AZ paths, package mirrors, container pulls, backups, and log forwarding.
- Look for VPC endpoints or architecture changes that can remove repeated NAT traffic.
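The second, third and fourth checks above (which subnets route through the NAT Gateway, whether the path crosses an AZ, and which hosts are responsible for the processed-data volume) can be scripted against data you already have. The following is an added example written for this page, not the page author's or AWS's code. It assumes route-table JSON in the shape returned by `aws ec2 describe-route-tables`, flow-log lines in the default VPC Flow Logs format, and a subnet-to-AZ map taken from `aws ec2 describe-subnets`; every ID and log line below is a constructed placeholder. It also flags the first two red flags listed further down: a default route to NAT with no gateway endpoint beside it, and a cross-AZ hop to the NAT.

```python
"""Triage NAT Gateway processed-data cost from route tables and VPC Flow Logs.

Added example for this page (not from AWS or the page author). Assumes:
- route-table JSON shaped like `aws ec2 describe-route-tables` output
- flow-log lines in the default VPC Flow Logs format (14 fields)
- a subnet -> availability-zone map from `aws ec2 describe-subnets`
All IDs, addresses and log lines are constructed sample data.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed sample: two route tables, both defaulting to one NAT gateway;
# only the second also has an S3 gateway endpoint route (vpce-* to a prefix list).
ROUTE_TABLES_JSON = json.dumps({"RouteTables": [
    {"RouteTableId": "rtb-aaaa0001",
     "Associations": [{"SubnetId": "subnet-app-1a"}, {"SubnetId": "subnet-app-1b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1a"}]},
    {"RouteTableId": "rtb-aaaa0002",
     "Associations": [{"SubnetId": "subnet-batch-1b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1a"},
                {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-0s3gateway"}]},
]})

# Constructed: where each subnet lives and where the NAT gateway lives.
SUBNET_AZ = {"subnet-app-1a": "us-east-1a", "subnet-app-1b": "us-east-1b",
             "subnet-batch-1b": "us-east-1b"}
NAT_AZ = {"nat-0example1a": "us-east-1a"}

# Constructed: the NAT gateway's network interface and a few flow-log records.
# Fields: version account interface-id srcaddr dstaddr srcport dstport protocol
#         packets bytes start end action log-status
NAT_ENI = "eni-0natexample"
FLOW_LOG = """\
2 111122223333 eni-0natexample 10.0.1.25 203.0.113.10 44321 443 6 120 950000000 1700000000 1700000600 ACCEPT OK
2 111122223333 eni-0natexample 10.0.1.25 203.0.113.10 44322 443 6 80 600000000 1700000600 1700001200 ACCEPT OK
2 111122223333 eni-0natexample 10.0.2.40 198.51.100.7 50001 443 6 10 4000000 1700000000 1700000600 ACCEPT OK
2 111122223333 eni-0natexample 203.0.113.10 10.0.1.25 443 44321 6 90 2000000 1700000000 1700000600 ACCEPT OK
2 111122223333 eni-0otherexample 10.0.3.9 10.0.1.25 1234 80 6 5 1000 1700000000 1700000600 ACCEPT OK
"""


def nat_default_routes(route_tables_json):
    """Return {subnet_id: (nat_id, has_gateway_endpoint)} for every subnet whose
    0.0.0.0/0 route targets a NAT gateway. has_gateway_endpoint is False when the
    table has no vpce-* route, i.e. S3/DynamoDB traffic would also go via NAT."""
    out = {}
    for rt in json.loads(route_tables_json)["RouteTables"]:
        nat = next((r["NatGatewayId"] for r in rt["Routes"]
                    if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and r.get("NatGatewayId")), None)
        if not nat:
            continue
        has_vpce = any(str(r.get("GatewayId", "")).startswith("vpce-") for r in rt["Routes"])
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                out[assoc["SubnetId"]] = (nat, has_vpce)
    return out


def cross_az_subnets(routes, subnet_az, nat_az):
    """Subnets whose default route has to cross an AZ boundary to reach the NAT."""
    return sorted(s for s, (nat, _) in routes.items() if subnet_az.get(s) != nat_az.get(nat))


def nat_bytes_by_host(flow_log, nat_eni, vpc_cidr="10.0.0.0/16"):
    """Sum bytes per private host that crossed the NAT gateway ENI in either
    direction. Processed-data is billed per GB regardless of direction, so a
    return flow (external src, private dst) is charged to the private host too."""
    net = ipaddress.ip_network(vpc_cidr)
    totals = defaultdict(int)
    for line in flow_log.splitlines():
        f = line.split()
        if len(f) < 14 or f[2] != nat_eni or f[12] != "ACCEPT":
            continue
        for addr in (f[3], f[4]):  # srcaddr, then dstaddr
            if ipaddress.ip_address(addr) in net:
                totals[addr] += int(f[9])
                break
    return dict(totals)


def top_talkers(flow_log, nat_eni, n=3):
    """Highest-volume private hosts behind the NAT, largest first."""
    return sorted(nat_bytes_by_host(flow_log, nat_eni).items(), key=lambda kv: -kv[1])[:n]


if __name__ == "__main__":
    routes = nat_default_routes(ROUTE_TABLES_JSON)
    for subnet, (nat, vpce) in routes.items():
        print(f"{subnet}: default route -> {nat}, gateway endpoint present: {vpce}")
    print("cross-AZ to NAT:", cross_az_subnets(routes, SUBNET_AZ, NAT_AZ))
    for host, nbytes in top_talkers(FLOW_LOG, NAT_ENI):
        print(f"{host}: {nbytes / 1e9:.2f} GB through {NAT_ENI}")
```

Feed the real `describe-route-tables` output and a flow-log export for the NAT gateway's ENI into the same functions; the hosts at the top of the list are the ones to trace back to a package mirror, image pull, backup or log forwarder, and the subnets flagged without a gateway endpoint are the first candidates for an S3 or DynamoDB endpoint.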
Rough math
- NAT surprise = current NAT Gateway total - previous normal NAT Gateway baseline.
- Repeatable NAT cost (per month) = gateway hourly charges for the month + recurring processed-data charges.
- Fix payback (months) = engineering time cost / monthly repeatable savings.
Red flags
- Private subnets route all outbound traffic through NAT by default.
- Large recurring data movement goes through NAT instead of a private endpoint or different path.
- No one owns route tables, endpoints, or data movement review.
What to do next
- Use the AWS bill shock checklist to group the bill driver.
- Document the traffic path before changing architecture.
- Run the quiz if the NAT fix raises a larger placement question.
Related resources
Use a worksheet before making the call
These supporting pages turn the decision into fields a buyer, engineer, or founder can actually compare.
A first-pass checklist and visual triage flow for finding the AWS line items that usually make a bill jump.
Workload placement: Workload Placement Worksheet (checklist, 7 sections, sourced). A practical worksheet and decision map for deciding where a workload should run before provider choice hardens.
Related decisions
Keep narrowing the placement question
Follow the adjacent pages when the first answer exposes a deeper cost driver or operating constraint.
For placement decisions, an AWS pricing calculator is useful but incomplete. You also need workload shape, hidden bill drivers, migration cost, operational tolerance, and whether the problem is AWS itself or one expensive line item.
Cloud migration: Cloud Egress and Exit Cost: What to Price Before Moving (migration planning). Cloud egress is only one part of exit cost. A serious migration estimate also prices data export, recurring transfer, storage retrieval, rewrites, testing, downtime, rollback, and new operations.
AWS bill shock: Cloud Cost Tools for Startups: What to Use Before Hiring FinOps (commercial investigation). Startups usually need three layers: native billing visibility, lightweight alerting or cleanup, and a decision worksheet for workload placement when the bill changes the infrastructure strategy.
Framework
Use the underlying decision model
These framework pages define the terms and formulas behind this specific decision.
Classify bill shock by driver class first: compute, network, storage, observability, managed services, support, marketplace, or commitment mismatch.
Workload placement: Workload Placement Framework. Choose workload placement by matching the workload's cost driver, data movement, performance needs, operational tolerance, and commitment horizon to the right infrastructure category.
FAQ
Why did my AWS NAT Gateway bill spike?
Common causes include unexpected private subnet egress, cross-AZ traffic paths, container pulls, backups, logging, package downloads, or workloads that moved more data than expected.
Should I delete the NAT Gateway immediately?
Usually no. First confirm which workloads use it and whether a safer route, endpoint, or architecture change can remove the recurring cost.
Can NAT Gateway charges justify leaving AWS?
Sometimes, but only after the traffic pattern is understood. Many NAT surprises are fixable without a full migration.
Sources