I was checking our recent bill using Cost Explorer and found that the biggest charge was for VPC. Grouping charges by a resource I found that all charges are for ENI - Elastic Network Interfaces. Cost Explorer report them as following:
arn:aws:ec2:eu-north-1:XXXXXXXX:network-interface/eni-0XXXXXXXX
arn:aws:ec2:eu-north-1:XXXXXXXX:network-interface/eni-1XXXXXXXX
These are EC2 instances managed by Elastic Beanstalk. EB environments have a load balancer assigned to them. Networking and database - Public IP Address option is deactivated. EC2 instances are split between two availability zones.
I expected to be charged for internet egrees, but it seems that I'm being charge for local traffic as well.
Is there something I can do to avoid these charges?
I was checking our recent bill using Cost Explorer and found that the biggest charge was for VPC. Grouping charges by a resource I found that all charges are for ENI - Elastic Network Interfaces. Cost Explorer report them as following:
arn:aws:ec2:eu-north-1:XXXXXXXX:network-interface/eni-0XXXXXXXX
arn:aws:ec2:eu-north-1:XXXXXXXX:network-interface/eni-1XXXXXXXX
These are EC2 instances managed by Elastic Beanstalk. EB environments have a load balancer assigned to them. Networking and database - Public IP Address option is deactivated. EC2 instances are split between two availability zones.
I expected to be charged for internet egrees, but it seems that I'm being charge for local traffic as well.
Is there something I can do to avoid these charges?
Share Improve this question asked Feb 3 at 19:57 Ivan NikitinIvan Nikitin 4,14332 silver badges41 bronze badges 4- 1 Customer service questions, including billing and account management, are off topic here. You should ask Amazon. See meta.stackoverflow/q/255745/14853083 – Tangentially Perpendicular Commented Feb 3 at 20:01
- @TangentiallyPerpendicular It seems to be a technical question asking what may cause additional charges for private EC2 instances. – Ivan Nikitin Commented Feb 3 at 20:06
- A technical question is not necessarily a software development question and thus site focuses on programming and software development. Your answer does not include anything that could be described as software development. The question remains off-topic. – Tangentially Perpendicular Commented Feb 4 at 20:58
- Data transfer within the same AZ is free. Cross-AZ is not local, and not free. – jarmod Commented Feb 4 at 22:12
1 Answer
Reset to default 0Summary: these are hidden ElasticBeanstalk costs that cannot really be avoided.
Answering my own question
ENI charges include IPv4 charges, as well as cross-region and cross-availability zone (AZ) traffic charges. AWS charges for traffic going to other regions and for traffic between different availability zones within the same region. You can see a breakdown of ENI charges by UsageType.
Reducing Cross-Region and Cross-AZ Charges
Cross-region and cross-AZ charges can be mitigated by keeping all your resources in a single region and a single availability zone. However, this comes with a risk: if that AZ or region experiences an outage, your entire service will go down. Keep this in mind when designing your infrastructure.
Reducing IPv4 Charges
Eliminating IPv4 costs is more challenging. While you can configure Elastic Beanstalk to not assign a public IPv4 address, a default VPC automatically assigns one to new instances. You can disable this by navigating to: VPC Console → Your VPC → VPC Settings → Auto-assign public IPv4.
However, disabling public IPv4 also removes internet access for these EC2 instances. Elastic Beanstalk requires internet access to install necessary packages and communicate with its services. If an EC2 instance is launched without a public IPv4, the Elastic Beanstalk console does not reflect this properly—it remains stuck in the "creating instance" state, even though the instance has been successfully created.
A workaround is to use a private VPC (which doesn't assign public IPv4 addresses) and set up a NAT Gateway to enable internet access. Unfortunately, NAT Gateways are expensive:
- $0.045/hour
- $0.045 per GB of traffic through the gateway
- $0.09 per GB for egress traffic
If you have fewer than 10 instances, it's actually cheaper to pay for public IPv4 addresses ($0.005/hour per instance) than to run a NAT Gateway.
Alternative: App Runner Instead of Elastic Beanstalk
Another option is to switch from Elastic Beanstalk to a container-based service like App Runner. While this may help reduce public IPv4 costs, App Runner’s compute pricing is significantly higher. I haven't explored this option in depth yet, but switching to App Runner may not necessarily result in overall cost savings.