Unknown data transfer between regions in EC2 instance

0

I'm using the Free-Tier package. I have activated the resources below in my AWS account:

1. An instance with an EBS volume attached in the Asia Pacific (Hong Kong) region.
2. An Elastic IP in the Asia Pacific (Hong Kong) region.
3. VPC resources in the Asia Pacific (Hong Kong) region.

I created an EC2 instance in the Asia Pacific (Hong Kong) region and installed Outline VPN software on this EC2 instance. I did not activate any resources in other regions.

However, I found that there was data transfer from the Asia Pacific (Hong Kong) region to multiple other regions such as Asia Pacific (Singapore), US East (Dallas), EU (Milan), US West (Las Vegas), US West (Los Angeles), Peru (Lima). It produced some charges and AWS Customer Services is unable to explain the case.

Below is part of the bill statements for your reference.

- AWS Data Transfer APE1-APS1-AWS-Out-Bytes - $0.09 per GB - Asia Pacific (Hong Kong) data transfer to Asia Pacific (Singapore)
  - Nov 2023: 26.245 GB
  - Oct 2023: 1.35 GB
  - Sep 2023: 0.587 GB
  - Aug 2023: 0.101 GB
  - Jul 2023: 1.384 GB
  - Jun 2023: 0.287 GB
  - May 2023: 0.253 GB
  - Apr 2023: 0.297 GB

How can I prevent the additional charges for data transfer from the Asia Pacific (Hong Kong) region to other regions?

Thanks, Kenneth

Kenneth
asked 5 months ago, 266 views
1 Answer
1
Accepted Answer

Regarding the purpose of your resources (EC2 instance): does it have to be accessible via the Internet? Given that you have an Elastic IP, it looks like you want it to be reachable from outside, correct? If someone has access to your resources (outside of your VPC or your account) that you might not be aware of, this would generate unwanted traffic; they might be accessing your instance from their own resources located in other AWS Regions, which is why you'd see the traffic going to other regions. Since AWS does not have control over what's inside your application / what you actually do on your instances, it's up to you to set up proper access and controls to restrict your resources to only performing their main function.

I'd suggest reviewing your security groups and Network ACLs to make sure that you're not allowing anyone access to your instance (for example, you certainly shouldn't have a 0.0.0.0/0 rule that would potentially open up access to your instance for anyone on the internet).

The best way to track where the traffic is going or where it's coming from would be using VPC Flow Logs. Note, though, that you may be getting charges (CloudWatch Logs) for them, too. If you want to troubleshoot, you can enable the flow logs for an hour or so and just see what's going on with the traffic. Then you'd have a better idea how to restrict access to your instance.

AWS EXPERT
answered 5 months ago
EXPERT
reviewed a month ago
  • Yes. I have multiple devices accessing my VPN services via the internet. I configured 2 security groups under the region:

    1. The default security group.
    2. A custom security group:
       - Inbound rule: Type=SSH/Custom TCP/Custom UDP with specific ports, Source=0.0.0.0/0
       - Outbound rule: Type=All traffic with all ports, Destination=0.0.0.0/0

  • Yes, based on your example "Asia Pacific (Hong Kong) data transfer to Asia Pacific (Singapore)", this likely corresponds to traffic that your resources in Hong Kong are sending out to other resources located in the Singapore region. It could be that your resources are responding to requests coming from those other resources in another region. I can't confirm whether a 26.245 GB volume of traffic is a lot... it really depends on the context. The best way to know the traffic patterns and troubleshoot further is really through VPC Flow Logs.
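The accepted answer recommends two checks: look for security-group ingress rules open to 0.0.0.0/0, and use VPC Flow Logs to see where the instance's outbound bytes are actually going. The script below is an added example, not code from the thread or from AWS; it works on a constructed stand-in for the `IpPermissions` part of `aws ec2 describe-security-groups` output and on a few constructed records in the default VPC Flow Log format (`version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status`). The group id, ENI id, account id, addresses and ports are all placeholders.

```python
"""Offline audit helper for the two checks suggested in the accepted answer:
(1) flag security-group ingress rules that are open to the whole Internet, and
(2) summarise VPC Flow Log records to show which peers receive the most bytes
from an instance.  Added example, not part of the re:Post thread; every
identifier and log line below is constructed."""
from collections import defaultdict
import ipaddress

# Constructed stand-in for one entry of `aws ec2 describe-security-groups`.
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",              # placeholder group id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

def open_ingress_rules(sg):
    """Return (protocol, from_port, to_port, cidr) for each ingress rule whose
    source range is 0.0.0.0/0 or ::/0, i.e. reachable from anywhere."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        ranges = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        ranges += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in ranges:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((perm["IpProtocol"], perm.get("FromPort"),
                                 perm.get("ToPort"), cidr))
    return findings

# Field names of the default VPC Flow Log record format (version 2).
FLOW_LOG_FIELDS = ("version account_id interface_id srcaddr dstaddr srcport "
                   "dstport protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed records; 10.0.1.10 plays the instance's private address.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.10 198.51.100.7 1194 51820 17 120 98304 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.10 51820 1194 17 90 12000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.10 192.0.2.44 22 40000 6 10 1500 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 192.0.2.99 10.0.1.10 55555 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.10 203.0.113.5 1194 60000 17 5000 4194304 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000060 1700000120 - NODATA
"""

def parse_flow_log(text):
    """Parse default-format flow log lines into dicts; '-' placeholder values
    (NODATA/SKIPDATA records) become 0 for numeric fields."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_LOG_FIELDS):
            continue                      # skip blank or malformed lines
        rec = dict(zip(FLOW_LOG_FIELDS, parts))
        for key in INT_FIELDS:
            rec[key] = 0 if rec[key] == "-" else int(rec[key])
        records.append(rec)
    return records

def egress_bytes_by_peer(records, instance_ip):
    """Sum ACCEPTed bytes the instance sent, keyed by destination address,
    heaviest peer first.  Those destinations are what the per-region
    data-transfer line items are billing for."""
    totals = defaultdict(int)
    for r in records:
        if r["srcaddr"] == instance_ip and r["action"] == "ACCEPT":
            totals[r["dstaddr"]] += r["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def rejected_sources(records, instance_ip):
    """Distinct source addresses whose inbound packets the security group or
    NACL dropped; a long list here is a sign the instance is being probed."""
    return sorted({r["srcaddr"] for r in records
                   if r["dstaddr"] == instance_ip and r["action"] == "REJECT"})

if __name__ == "__main__":
    for rule in open_ingress_rules(SAMPLE_SG):
        print("open to the Internet:", rule)
    recs = parse_flow_log(SAMPLE_FLOW_LOGS)
    for peer, nbytes in egress_bytes_by_peer(recs, "10.0.1.10"):
        print(f"{peer:>16}  {nbytes:>10} bytes out")
    print("rejected sources:", rejected_sources(recs, "10.0.1.10"))
```

Flow log records carry peer addresses, not regions; to confirm that a heavy destination sits in, say, Singapore, the address has to be matched against the published AWS IP ranges (ip-ranges.json), which this offline example does not fetch. An ACCEPTed flow from the instance to an address nobody recognises is the thing to explain before tightening the ingress rules.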
