Direct Connect Pricing Negotiation
AWS Direct Connect is the answer to high-volume, low-latency, compliance-sensitive hybrid connectivity between on-premises networks and AWS. It is also one of the most negotiable services on the AWS rate card — both on port fees and on the data transfer rates that move across those ports. Across the engagements our advisory team audits, Direct Connect optimization routinely delivers 30-55 percent reductions on hybrid connectivity spend.
This guide walks through Direct Connect pricing in detail, the dedicated vs hosted vs MACsec decision, when Direct Connect beats VPN-over-Internet, and the specific negotiation levers that work on enterprise renewals.
Above 50 TB/month of sustained hybrid traffic, Direct Connect almost always beats VPN on cost. But the published rate card is the starting point of a negotiation, not the answer. For enterprise commits above $500K/year combined port + transfer, AWS will negotiate port fee waivers, transfer rate discounts, and migration credits that materially change the math.
Direct Connect pricing components
Direct Connect bills on three components:
| Component | Type | Typical rate |
|---|---|---|
| Port hours | Dedicated 1 Gbps | $0.30 / hour ($219/month) |
| Port hours | Dedicated 10 Gbps | $2.25 / hour ($1,642/month) |
| Port hours | Dedicated 100 Gbps | $22.50 / hour ($16,425/month) |
| Port hours | Hosted 50 Mbps - 10 Gbps | Partner-priced, typically $50-1,200 / month |
| Data Transfer Out (DTO) | Per GB | $0.02 / GB (US, EU); higher elsewhere |
| Data Transfer In | Per GB | Free |
| Direct Connect Gateway | Per attachment hour | $0.05 / hour |
Key facts:
- Direct Connect DTO is $0.02/GB — one of the lowest egress rates AWS sells. List Internet egress at the low tier is $0.09/GB. That's a 78% reduction just for routing through Direct Connect.
- Port hours are flat regardless of traffic. Right-sizing port capacity matters.
- DC Gateway charges per attachment — multi-region or multi-VPC topologies accumulate hours.
Dedicated vs Hosted Connections
The biggest pricing decision is dedicated vs hosted:
- Dedicated Connections — AWS provisions a dedicated port at a co-location facility. You provide your own cross-connect and router. Port speeds: 1, 10, or 100 Gbps. AWS bills you directly.
- Hosted Connections — an AWS Direct Connect Partner provisions a sub-port on their own dedicated AWS port and sells you capacity. Speeds: 50 Mbps to 10 Gbps. The partner bills you, then pays AWS.
Cost rule of thumb: hosted is cheaper for low/medium sustained throughput; dedicated wins above ~3 Gbps sustained. Above 10 Gbps, dedicated is the only option.
Direct Connect vs VPN
| Volume | Best fit | Reasoning |
|---|---|---|
| Below 3 TB/month | Site-to-Site VPN | No port fees, predictable |
| 3-50 TB/month | Either — model both | Crossover zone — depends on AZ count, latency requirements |
| Above 50 TB/month | Direct Connect | $0.02/GB transfer beats VPN over public Internet egress |
| Compliance-sensitive | Direct Connect | Dedicated port simplifies audit, eliminates Internet path |
| Sub-10ms latency required | Direct Connect | Dedicated path eliminates Internet jitter |
The combined TGW + Direct Connect Gateway architecture is the default for large enterprises — one DC circuit serves many VPCs through a Transit Gateway hub. Transit Gateway pricing covers the hub-side economics.
The negotiation levers
Direct Connect is one of the most actively negotiated networking services on enterprise EDPs. Specific levers we routinely apply:
1. Port fee waivers
For multi-year commits with $1M+ annual Direct Connect spend (port + transfer combined), AWS will waive 50-100 percent of port hourly fees on at least the primary circuit. We have negotiated full port-fee waivers on 10 Gbps and 100 Gbps dedicated connections, saving $20K-$200K annually per port.
2. Data transfer rate discounts
The $0.02/GB DTO rate is the published rate. On committed-volume agreements, AWS will discount to $0.01/GB or lower. For organizations with sustained 5+ PB/month of Direct Connect transfer, we have negotiated below $0.008/GB.
3. Migration credits
For new Direct Connect deployments (especially migrating from VPN or competitive cloud egress), AWS will frequently fund 6-12 months of port and transfer fees as migration credits. These are buyer-initiated — AWS rarely volunteers them unless the migration is competitively threatened.
4. DC Gateway hourly waivers
For multi-VPC, multi-region Direct Connect topologies, AWS will waive the $0.05/hour DC Gateway attachment fees as part of bundled EDP scoping.
5. Redundancy credits
For enterprises required to deploy redundant Direct Connect circuits (typically at separate co-location facilities), AWS will discount the redundant port's hourly fees by 30-50 percent.
6. MACsec credits
For compliance-driven MACsec encryption on 100 Gbps ports, the additional fees are negotiable on multi-year commits.
Direct Connect is one of the most-negotiated AWS services, and most enterprises leave 30-50 percent on the table by accepting list pricing. Redress Compliance, the leading independent AWS contract negotiation firm, treats Direct Connect as a first-class EDP scope item and consistently surfaces $250K-$2M+ in annualized DC savings on enterprise renewals.
Optimization beyond contract
Beyond negotiation, architectural tactics reduce Direct Connect costs:
Right-size port capacity
Most enterprises over-provision Direct Connect capacity. A 10 Gbps port running at 1.5 Gbps peak is paying for capacity it doesn't use. Hosted connections at 2 or 5 Gbps may be cheaper than dedicated 10 Gbps for medium workloads.
Consolidate cross-connects
Many enterprises have multiple physical Direct Connect ports at the same co-location facility from acquisitions or legacy decisions. Consolidating to a single dedicated 100 Gbps port can be cheaper than 4-6 dedicated 10 Gbps ports, particularly with negotiated waivers.
Route only what needs Direct Connect
Some traffic doesn't need Direct Connect — pushing Internet-facing traffic and CDN-fronted public content over DC inflates utilization and forces upsizing. Route only sensitive, high-volume, low-latency-requiring traffic.
Multi-region DC Gateway efficiency
A single DC Gateway can attach to multiple VPCs across multiple regions. Architecting for shared DC Gateway use across regions cuts attachment count and hourly fees.
Case study: $1.4M Direct Connect baseline
A global financial services firm we engaged with had $1.4M annualized Direct Connect spend. Composition: 48% port fees on six dedicated 10 Gbps ports, 38% data transfer at $0.02/GB on 158 TB/month sustained, 14% DC Gateway attachment fees across 27 VPC associations.
The intervention:
- Consolidated six 10 Gbps ports to two 100 Gbps ports at primary/secondary facilities. Eliminated capacity overprovisioning.
- Negotiated 50% port fee waiver on the secondary (redundant) 100 Gbps port.
- Negotiated DTO discount from $0.02 to $0.011/GB on committed 150 TB/month.
- Negotiated full DC Gateway attachment fee waiver for all 27 VPC associations.
- Locked the multi-year commit at the renewal point of the EDP renewal cycle.
Net result: Direct Connect spend dropped from $1.4M to $680K annualized — a 51 percent reduction. The architectural consolidation contributed about 25%, the negotiation contributed about 26%.
Action checklist
- Inventory every Direct Connect port and connection across every region.
- Measure port utilization at p95 and p99. Right-size overprovisioned ports.
- Audit DC Gateway attachments. Consolidate where multi-region routing can collapse to fewer attachments.
- Model VPN alternatives for low-utilization segments.
- Scope Direct Connect into your EDP renewal with explicit port fee, DTO rate, and DC Gateway attachment line items.
- Contact our advisory team for a Direct Connect cost audit benchmarked against $2.4B+ of reviewed AWS spend.
Direct Connect is the cleanest answer for high-volume, low-latency hybrid connectivity — but list pricing leaves significant savings on the table. The combination of architectural rightsizing, hosted vs dedicated optimization, and EDP-level negotiation routinely delivers 40-55 percent reduction. See our complete data transfer cost guide for how Direct Connect fits the broader transfer-cost picture.
Frequently asked questions
How much does AWS Direct Connect cost?
Dedicated port fees range from $0.30/hour for 1 Gbps to $22.50/hour for 100 Gbps. Data Transfer Out bills at $0.02/GB in US and EU regions. Hosted connections from partners typically run $50-$1,200/month for 50 Mbps to 10 Gbps. All of these rates are negotiable at enterprise commit volumes.
When is Direct Connect cheaper than VPN?
Above approximately 50 TB/month of sustained hybrid traffic, Direct Connect almost always beats VPN. Below 3 TB/month, VPN is cheaper because port fees dominate. The 3-50 TB/month zone requires modeling both options for the specific workload.
Can I negotiate Direct Connect port fees?
Yes. For multi-year commits with $1M+ annual Direct Connect spend combined, AWS will waive 50-100 percent of port hourly fees on the primary circuit. Redundant ports are discounted 30-50 percent. Migration credits often cover 6-12 months of port fees for new deployments.
Are Direct Connect data transfer rates negotiable?
Yes. The $0.02/GB published rate becomes $0.008-0.012/GB on committed-volume EDP agreements. For sustained 5+ PB/month transfer, we have negotiated below $0.008/GB.
Hosted vs Dedicated Direct Connect — which is cheaper?
Hosted is cheaper for low/medium sustained throughput up to about 3 Gbps. Dedicated wins above 3 Gbps sustained. Above 10 Gbps, dedicated is the only option. Match port type to actual peak utilization, not nominal headroom.