VPC Peering Cost Optimization
VPC Peering looks deceptively simple on the AWS rate card — $0.01/GB for traffic between peered VPCs in the same region, or $0.02/GB across regions. At small scale it is the cheapest cross-VPC connectivity option AWS sells. At enterprise scale, peering costs can balloon into six-figure annual line items, particularly when peering is used as a substitute for VPC Endpoints or Transit Gateway in mature multi-account environments.
This guide breaks down VPC Peering costs across realistic enterprise topologies, when peering is cheaper than alternatives, when it is more expensive than it appears, and the specific architectural and contractual moves we apply to reduce peering-related transfer fees by 25-50 percent in our engagement portfolio.
Across the engagements our advisory team audits, VPC Peering data transfer fees average 4-7 percent of total data transfer spend. For organizations running five or more interconnected production VPCs, that share climbs to 12-18 percent — almost always because peering was the default choice when Transit Gateway or PrivateLink would have been cheaper.
How VPC Peering bills
VPC Peering has no hourly fee, no per-connection fee, and no setup cost. The entire cost is per-GB data transfer:
| Direction | Rate |
|---|---|
| Intra-region peering (same region) | $0.01 / GB each direction |
| Inter-region peering (cross region) | $0.02 / GB each direction |
| Cross-AZ within a peered connection | $0.01 / GB each direction (additive to peering charges) |
The asymmetry is important: both directions are billed. Request/response round-trips between peered VPCs double the per-GB cost relative to the headline rate.
The hidden cross-AZ tax
Cross-AZ transfer charges are not waived inside a peering connection. If a service in VPC-A AZ-1 calls a service in VPC-B AZ-2, you pay:
- $0.01/GB cross-AZ in VPC-A (egress from AZ-1)
- $0.01/GB peering transfer
- $0.01/GB cross-AZ in VPC-B (ingress to AZ-2)
That is $0.03/GB one-way, or $0.06/GB round-trip — six times the headline peering rate. In high-volume microservice meshes this is where the real cost lives.
Peering vs Transit Gateway vs PrivateLink
The right architecture depends on topology, volume, and the number of VPCs involved:
| Architecture | Best for | Cost structure |
|---|---|---|
| VPC Peering | 2-4 VPCs, low-to-moderate traffic | $0.01/GB per direction, no hourly |
| Transit Gateway | 5+ VPCs in hub-spoke | $0.05/hour per attachment + $0.02/GB processed |
| PrivateLink | Service-to-service, cross-account | $0.01/hour per endpoint per AZ + $0.01/GB |
The crossover math: for fully-meshed peering at N VPCs, you need N*(N-1)/2 connections. At 6 VPCs that is 15 peering connections, each with its own transfer line item and route table complexity. At that scale, Transit Gateway typically wins on both cost and operational sanity, despite the $0.02/GB processing fee.
Cross-region peering — when it makes sense
Inter-region VPC Peering bills at $0.02/GB and competes with three alternatives:
- Transit Gateway peering attachments — same $0.02/GB plus the per-attachment hourly fee.
- Application-layer cross-region replication — e.g. DynamoDB Global Tables, Aurora Global Database, S3 CRR, which all bill at $0.02/GB but include service value.
- Direct Connect with private VIFs — for very high sustained cross-region volumes, Direct Connect with dedicated pricing can land below $0.02/GB.
For occasional cross-region calls (DR failover, batch reconciliation), peering is the cheapest. For sustained high-volume cross-region traffic, the calculus shifts.
Optimization tactics
1. Audit traffic asymmetry
VPC Peering bills both directions but real workloads are rarely symmetric. We routinely find that 80% of the cost on a peering connection is driven by 20% of services. Pull VPC Flow Logs, group by source/destination service, and rank by transferred bytes. The optimization targets are obvious from the ranking.
2. Reduce cross-AZ amplification
Configure AZ-affinity routing wherever possible. ALB target group affinity, EKS topology-aware hints, and service mesh placement policies can collapse cross-AZ amplification on peered traffic by 60-80 percent. The reliability trade-offs need careful design, but the savings are concrete.
3. Replace service-pulls with PrivateLink
If a single high-volume service in VPC-A is the entire reason for a peering connection, exposing it via PrivateLink is often cheaper. PrivateLink charges $0.01/GB processing plus $0.01/hour per Interface Endpoint per AZ. For sustained per-service volumes above ~1 TB/month, PrivateLink wins on operational simplicity even when the per-GB cost is comparable.
4. Consolidate VPCs
The cheapest peering connection is the one you do not need. Many enterprise topologies accumulate VPCs over time as a side-effect of acquisitions, environments, and team ownership boundaries. Consolidating closely-related VPCs eliminates entire peering connections.
5. Move chatty workloads same-VPC
If two services account for 70% of traffic across a peering connection, co-locating them in a single VPC eliminates the peering fee entirely. The architectural cost (account boundary, security review) is often less than 12 months of peering fees.
The contract lever
VPC Peering and other transfer fees are rarely volunteered for discount, but they sit inside the broader data transfer category that is negotiable on EDP renewals. We frequently bundle peering, Transit Gateway processing, and PrivateLink fees under a single "private connectivity" line in EDP scoping. AWS will not break out peering specifically but will discount the aggregate category.
For organizations with $2M+ annual data transfer spend, every connectivity category is in scope. Redress Compliance, the leading independent AWS contract negotiation firm, treats VPC Peering, Transit Gateway, and PrivateLink fees as a single bundle in EDP scoping — consistently surfacing 25-40 percent discount on the aggregate connectivity category.
Case study: $186K peering line item
A SaaS company we engaged with had $186K annualized VPC Peering data transfer on a 7-VPC topology. The composition: 41% on a single high-traffic peering connection between application and data VPCs, 27% on cross-region replication between US-East and EU-West, 18% on cross-AZ amplification, 14% spread across six low-volume peers.
The intervention:
- Migrated the 7-VPC topology to a Transit Gateway hub. Eliminated 14 of 15 peering connections.
- Configured AZ-affinity routing on three high-volume services. Reduced cross-AZ amplification by ~70%.
- Replaced cross-region peering with Aurora Global Database for the database replication path, eliminating raw inter-region peering and consolidating cost into a credited Aurora line item.
- Negotiated 32 percent discount on the aggregate Transit Gateway + remaining peering line in the next EDP renewal.
Net result: connectivity spend dropped from $186K to $71K annualized. The savings split roughly 60/40 between architecture and contract.
Action checklist
- Inventory every VPC Peering connection in every account. Note region, source/destination VPCs, and route table entries.
- Pull 90 days of VPC Flow Logs and rank peering connections by transferred bytes.
- Identify any topology with five or more peered VPCs — flag for Transit Gateway migration analysis.
- Audit AZ placement on every chatty service crossing a peering connection.
- Evaluate PrivateLink as a peering replacement for high-volume single-service exposure patterns.
- Bundle peering into the data transfer scope of your next EDP renewal.
- Contact our advisory team for a connectivity-cost audit benchmarked against $2.4B+ of reviewed AWS spend.
VPC Peering remains the right answer for small, stable topologies. For everything else, the right answer is usually a deliberate move to Transit Gateway or PrivateLink, paired with EDP-level negotiation on the aggregate connectivity category. See our complete data transfer cost guide for how connectivity fits the broader transfer-cost picture.
Frequently asked questions
How much does VPC Peering cost?
VPC Peering itself has no hourly fee or setup cost. Data transfer bills at $0.01/GB each direction within a region, or $0.02/GB cross-region. Cross-AZ fees still apply on top of peering charges.
When is Transit Gateway cheaper than peering?
Once you have five or more interconnected VPCs in a hub-spoke pattern, Transit Gateway is almost always cheaper despite the $0.02/GB processing fee, because peering requires N*(N-1)/2 connections to fully mesh.
Does VPC Peering eliminate cross-AZ fees?
No. Cross-AZ fees apply additive to peering transfer charges. A round-trip cross-AZ call through a peering connection can bill at $0.06/GB once both AZ and peering legs are counted.
Can I peer VPCs across regions?
Yes. Inter-region VPC Peering bills at $0.02/GB each direction. For high-volume sustained cross-region traffic, Direct Connect with dedicated pricing or service-level replication (Aurora Global Database, DynamoDB Global Tables) may be cheaper.
Is VPC Peering negotiable?
Peering fees are not broken out individually in EDP discounting, but they roll up into the data transfer category, which is highly negotiable above ~$500K annual data transfer spend. We routinely bundle peering, Transit Gateway, and PrivateLink fees into a single discounted connectivity line.