I’ve noticed unexpectedly high costs in our AWS bill, specifically from NAT Gateway data transfer charges. After investigating, it seems the Redis backup Cron Jobs are the primary cause.

Here’s the setup:

• Redis: in a node in private subnet in AZ A.
• Backup Process: Regular backups to S3. generated by hourly Cron Jobs in the same private subnet in AZ A.

Redis architecture

Issue:

Every time a Redis backup is triggered, the data transfer through the NAT Gateway significantly increases, resulting in high charges. This is especially problematic because our database size is growing, and so are the backup-related costs.

What I’ve noticed:

1. Alongside the spikes in NatGateway prices, the costs of these operations increased as well “CreateVolume-Gp2”, “CreateVolume-Gp3”, “PublicIp IN”, “InterZone OUT” and “createSnapshot”, the graph bellow is showing that.

Api operations costs

2. Examined the workflow between Redis and other IPs, found out an eni in AZ B with the most frequent exchanges, so maybe that’s the responsible cause, but i still can’t find a way to confirm that. We can see below the list of the most frequent exchanges in 24 hours, 192.168.138.51 is the IP address of the Redis node:

• found 192.168.220.133 to be an ENI in a different AZ B, but i can’t pinpoint to what it belongs.
• found some public IP addresses generating a lot of flows. List of frequent exchanges

Here are additional infos about the ENI in AZ B

{
    "NetworkInterfaces": [
        {
            "Attachment": {
                "AttachTime": "2025-01-14T12:09:58+00:00",
                "AttachmentId": "eni-attach-013284cXXXXXX",
                "DeleteOnTermination": true,
                "DeviceIndex": 1,
                "NetworkCardIndex": 0,
                "InstanceOwnerId": "230607XXXXXX",
                "Status": "attached"
            },
            "AvailabilityZone": "us-east-1b",
            "Description": "Amazon EKS fg-cluster-XXXXXX",
            "Groups": [
                {
                    "GroupName": "k8s-traffic-fgekscluster002-XXXXXX",
                    "GroupId": "sg-07be3bb995XXXXXX"
                },
                {
                    "GroupName": "fg-eks-vpc-002-ControlPlaneSecurityGroup-XXXXXX",
                    "GroupId": "sg-0e1f4379aXXXXXX"
                },
                {
                    "GroupName": "eks-cluster-sg-fg-cluster-XXXXXX",
                    "GroupId": "sg-06b14fe6XXXXXX"
                },
                {
                    "GroupName": "eks-cluster-sg-fg-eks-cluster-XXXXXX",
                    "GroupId": "sg-0df640384cXXXXXX"
                }
            ],
            "InterfaceType": "interface",
            "Ipv6Addresses": [],
            "MacAddress": "02:0d:31:XXXXXX",
            "NetworkInterfaceId": "eni-0c28dd4d2XXXXXX",
            "OwnerId": "230607XXXXXX",
            "PrivateDnsName": "ip-192-168-220-133.ec2.internal",
            "PrivateIpAddress": "192.168.220.133",
            "PrivateIpAddresses": [
                {
                    "Primary": true,
                    "PrivateDnsName": "ip-192-168-220-133.ec2.internal",
                    "PrivateIpAddress": "192.168.220.133"
                }
            ],
            "RequesterId": "230607XXXXXX",
            "RequesterManaged": true,
            "SourceDestCheck": true,
            "Status": "in-use",
            "SubnetId": "subnet-0bc15c5f1dXXXXXX",
            "TagSet": [],
            "VpcId": "vpc-08e55cbc5XXXXXX"
        }
    ]
}

Questions:

1. What could the cause of this actually be?
2. How can i detail NAT Gateway pricing?
3. Is it possible to filter between non-free traffic and free traffic?
4. Is there a way to determine the source of that ENI in AZ B?
5. could the public IP addresses be the cause?

Thanks in advance!