Your AZs Are Talking Behind Your Back-and It’s Costing You a Fortune

Here’s a fun cloud trivia question: What’s invisible, silent, and quietly draining tens (or hundreds) of thousands of dollars from your AWS bill every month?

No, it’s not unused EBS volumes (though, yes, clean those up too).
It’s AZ-to-AZ data transfer, and it’s sneakier than you think.

The Costly Chatter of AZs

In AWS, when data moves between Availability Zones (AZs) in the same region, you’re charged twice: once for the data leaving the source AZ, and again for the data entering the destination AZ. That’s 2¢ per GB in each direction, which adds up fast in large-scale architectures.

Now, this might make sense if you’re running multi-AZ databases or high-availability architectures. But here’s the kicker: a huge amount of inter-AZ data transfer is accidental, unnecessary, or just plain misunderstood.

Common reasons AZ-to-AZ traffic blows up:

• You’re running microservices that communicate across AZs without awareness.
• You have EKS nodes in different AZs being used interchangeably.
• Load balancers are routing traffic across zones unpredictably.
• Stateful services don’t respect AZ affinity.
• You just inherited a YAML file from 2019 and prayed it still works.

From this excellent article, a team discovered over 80% of their AZ-to-AZ data transfer was avoidable-they just didn’t have visibility until they deeply dived to it.

But Why Is It So Difficult to Reduce These Costs?

You can see these costs in the AWS Cost and Usage Report (CUR) under usage types like:

• AWS:DataTransfer-Regional-Bytes
• AWS:DataTransfer-Regional-Bytes-Out
• BoxUsage:<AZ>:DataTransfer-Out-Bytes

For example:

But here’s the problem: even if you’re staring at these line items in a spreadsheet, you have no idea what actually caused them.

You might get machine-level insights as EC2 instance IDs but if you’re running modern workloads on Kubernetes, good luck tracing that cost back to a specific pod, namespace, or workload. 

Some teams try to bridge the gap using VPC Flow Logs, which capture IP-to-IP communication metadata. While helpful, running Flow Logs continuously across your infrastructure is incredibly expensive and paradoxically, might cost you more than the AZ-to-AZ transfers you’re trying to debug.

And even if you do swallow the cost of VPC Flow logs, there’s another problem:

Flow Logs give you raw networking data, not context. Here is an example for the logs:

You now have a mountain of IP-to-IP traffic data. But guess what? That’s like getting a box of puzzle pieces with no picture on the lid. You still have to do all the heavy lifting: enriching the logs, mapping IPs to instances, cross-referencing cloud inventory, figuring out what workload or container each IP belongs to, and then trying to decode the business logic behind the traffic pattern.

And in a Kubernetes world, it’s even worse. You’re dealing with dynamic IPs, ephemeral pods, autoscaling groups, service meshes… it’s chaos. You’ll need hours (or days) of engineering time, tagging discipline across teams, and a pretty serious stack of log correlation tools-just to figure out if a single microservice is the one chatting across AZs.

By the time you get answers, your cloud bill has already blown up.

So how do you fight a cost you can’t even trace?

Attribute’s Solution: Shine a Light on the Hidden Costs

At Attribute, we’ve built a unique solution to make the invisible visible.

Our eBPF sensor tracks every byte leaving your workloads-source IP to destination IP-so we can reconstruct the story behind your data transfers. But it doesn’t stop there:

Smart AZ Detection Engine

We don’t just look at traffic-we understand it. Our engine correlates every IP with cloud routing tables to determine whether the communication is:

• Inside the same AZ
• Across two AZs in the same region
• Between different regions
• Or straight to the internet (hello, egress fees!)

If your data is sneaking out through NAT gateways, ELBs, or other network middlemen, we catch that too. 

To sum it all up, when combining our eBPF sensor unique data with the cost items from CUR, we get workload level AZ-AZ accurate cost per connection and IP. 

Insight to Action

 Once you see the problem, we help you solve it. We help you assess alternatives-whether that’s co-locating services in the same AZ, tweaking your k8s affinity rules, or re-architecting your flows.

With Attribute, you get the visibility, clarity, and control to cut unnecessary inter-AZ costs-often by 50-80%.

Take the First Step

You can’t fix what you can’t see.

Start by finding out where your inter-AZ traffic is really going and why and continue with taking actions to reduce its cost. Attribute is here to help you from A to Z.

Book a demo with us and start speaking the networking cost language.