What is the source of the Global-DataTransfer-Regional-Bytes traffic?

0

I am currently testing AWS in the Free Tier and have received a warning that the free 1 GB AWS Data Transfer (Global-DataTransfer-Regional-Bytes) is almost used up. What is causing this traffic?

My setup is actually quite simple: a CloudFront distribution and an EC2 instance serving a website. The website is publicly accessible, but gets next to no traffic. I have checked the metrics of the CF distribution and the EC2 instance and virtually no traffic shows up.

If I filter by Usage Type EUC1-DataTransfer-Regional-Bytes (GB) in Cost Explorer and group by API Operation, I see that every day PublicIP-In shows 0.06 GB and PublicIP-Out shows 0.01 GB. In total, this adds up to approximately the consumption of the "Regional Bytes". I just don't understand why this falls into this category.

Please note that I do not have any other services in any other region or AZ. Why would there be any regional data transfer?

Edit1: This is what my free tier billboard looks like. [Image: Quota]

Edit2: I don't have access to technical AWS support so I asked the billing department what the reason is why I get billed for this traffic. After a long discussion they ended up not being able to help me. Unfortunately it seems that they can't escalate the topic to another support level.

Edit3: I did some further research with CloudWatch. I also disabled the CloudFront distribution to rule out one possible reason. The traffic is still generated daily. In CloudWatch I can see a constant traffic flow towards the EC2 instance (please note that CloudFront is disabled and the EC2 instance allows only incoming connections from CloudFront). I don't know what could cause this. Maybe health checks are causing the traffic?

[Image: NetworkIn / NetworkOut of the EC2 instance, CloudWatch]

4 Answers
0
Accepted Answer

Hi Marco, I've been poking at this a little bit more. I started a fresh EC2 instance, installed Apache, and put a CloudFront distribution in front of it. Even with an open SSH connection from my laptop my NetworkIn and NetworkOut topped out at a few hundred Bps unless I actually loaded a page from the webserver. You're seeing between 10 and 100 times that on your instance, so there's clearly something else happening here.

I think we can rule out anything hitting the public Internet, because that would have a Usage Type of DataTransfer-[In or Out]-Bytes. Your instance is hitting something else in eu-central-1, but it doesn't necessarily have to be something in your account. For instance, you might have some software installed that's sending telemetry data to an instance owned by the vendor. You haven't mentioned what AMI you're using; if you're using something from the Marketplace, it could be something preinstalled without you realizing it. Maybe you're using your Elastic IP address in a config file when you could be using localhost instead, or hitting the public endpoint for some other AWS service. Any of these could conceivably get tallied against PublicIP-[In or Out] while staying in the same region.

I would suggest running a network monitoring application on your instance and seeing what's doing all the talking. There's a wide variety of programs like that; it depends on your OS and personal preference. I used iftop while experimenting (not an endorsement) and found it pretty easy to use. With the amount of traffic your CloudWatch graph is showing, some likely candidates should jump out at you.

AWS
Mike S
answered 8 months ago
  • Thanks a lot for your effort. This information has helped a lot. I used iftop and saw traffic between the instance and 3 IP addresses on port 27017, but in the same region. This is the default MongoDB port. My app connects to a free tier managed database (by MongoDB). I think this solves the mystery. MongoDB must host their DB in the same region but probably in a different AZ, so this traffic counts towards the regional traffic. Is this really intended by AWS? I thought only traffic within the region between my services would count.

  • Happy to hear you've worked out what this traffic was from. To the best of my knowledge AWS makes no distinction of who owns what in this scenario, only that there's traffic moving between AZs using the public IP.

  • I am having the exact same issue. In my case I don't have any instance up or running. I don't even have any service or resources being used by me. But I still received an email stating 85% usage of "1.0 GB are always free per month as part of AWS Free Usage Tier (Global-DataTransfer-Regional-Bytes)", even though I terminated my instances 3 days before the email was received. I used the instance for serving Ubuntu. Installed some node & nvm.
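
A way to find the "top talkers" without watching iftop on the instance, as an added example that is not part of the original answers: it assumes VPC Flow Logs are enabled for the instance's network interface in the default format, and totals accepted bytes per remote peer and service port for peers outside the VPC. The sample records, addresses, interface ID and the `top_talkers` helper are constructed for illustration.

```python
from collections import defaultdict
import ipaddress

# Constructed sample in the default VPC Flow Logs format (14 fields):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0example 10.0.1.25 198.51.100.10 49152 27017 6 40 52000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example 198.51.100.10 10.0.1.25 27017 49152 6 38 610000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example 10.0.1.25 198.51.100.11 49153 27017 6 12 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example 203.0.113.7 10.0.1.25 51000 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0example 10.0.1.25 10.0.1.2 40000 53 17 2 150 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0example - - - - - - - 1700000060 1700000120 - NODATA
"""

def top_talkers(text, local_ip, vpc_cidr):
    """Return [(peer, service_port, bytes_in, bytes_out)], largest total first.

    Only accepted flows to or from peers outside vpc_cidr are counted, since
    those are the flows that leave the VPC through the instance's public IP.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    totals = defaultdict(lambda: [0, 0])  # (peer, port) -> [bytes_in, bytes_out]
    for line in text.splitlines():
        f = line.split()
        # Skip malformed lines, NODATA/SKIPDATA records and rejected flows
        if len(f) != 14 or f[13] != "OK" or f[12] != "ACCEPT":
            continue
        src, dst, sport, dport, nbytes = f[3], f[4], int(f[5]), int(f[6]), int(f[9])
        if src == local_ip:
            peer, direction = dst, 1   # outbound from the instance
        elif dst == local_ip:
            peer, direction = src, 0   # inbound to the instance
        else:
            continue
        if ipaddress.ip_address(peer) in vpc:
            continue                   # intra-VPC traffic, not via the public IP
        # Heuristic: the lower port of the pair is the service port
        totals[(peer, min(sport, dport))][direction] += nbytes
    rows = [(p, port, io[0], io[1]) for (p, port), io in totals.items()]
    return sorted(rows, key=lambda r: r[2] + r[3], reverse=True)

if __name__ == "__main__":
    for peer, port, b_in, b_out in top_talkers(SAMPLE, "10.0.1.25", "10.0.0.0/16"):
        print(f"{peer:>15} port {port:<5} in={b_in:>8} B  out={b_out:>8} B")
```

Flow logs record the interface's private address even when the peer connected to the public IP, so `local_ip` is the instance's private IPv4 address.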

0

It's not CloudFront. It is likely your instance has a Public IP associated that incurs charges within the same AZ.

IPv4: Data transferred "in" to and "out" from public or Elastic IPv4 address is charged at $0.01/GB in each direction.

AWS
EXPERT
answered 8 months ago
  • Agreed, the amount of traffic Marco is describing is well within CloudFront's free tier (1 TB/mo from edge locations; origin to edge is always free). The usage type would also include CloudFront, which these do not.

  • Yes, my EC2 instance has a public IP address. However, I added security groups that only allow incoming requests from CloudFront. Everything else is blocked. What kind of traffic do you have in mind when I tell you that I don't have any other services in any other region or AZ?

0

DataTransfer-Regional-Bytes refers generally to traffic between availability zones within the same region. This is billed on a per-region basis (Frankfurt in your case), and the sum of this usage across all regions deducts from that 1 GB free tier. This blog post [1] may help shed some light on how these costs are classified and what's driving them. You may also want to look into using cost allocation tags [2] to help make clear what resources are driving specific costs.

[1] https://aws.amazon.com/blogs/networking-and-content-delivery/understand-aws-data-transfer-details-in-depth-from-cost-and-usage-report-using-athena-query-and-quicksight/

[2] https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html

AWS
Mike S
answered 8 months ago
  • Thank you. I have read the first link you provided before. However I only have a single EC2 instance. Nothing else is in that region or in any of the AZs. So there is no traffic between services in different AZs. The issue must be with CloudFront. Maybe the traffic from and to CloudFront counts towards these regional bytes.

0

I have the same issue and current suggestions didn't work for me.

[Images: CloudWatch; Regional data transfer]

I've configured VPC, subnet, internet gateway, ... It utilizes MongoDB. Obviously, I'm using Elastic IP and it is a production version. Should I reconsider using Elastic IP and, whenever my public IP changes, replace it in the Route 53 records?

Noah
answered 2 months ago
