NLB data transfer out costs when used as a custom CloudFront origin
Given the following setup:
- An internet-facing NLB (with a target group filled with healthy instances) in us-west-2
- A Route53 CNAME record for "mynlb.example.com", pointing to my NLB's public DNS name assigned by AWS
- A CloudFront distribution with "mynlb.example.com" as a Custom Origin
Does data transfer outbound from my NLB get charged as USW2-DataTransfer-Out-Bytes (cost per GB), or as USW2-CloudFront-Out-Bytes (free)? I believe that it would get charged as USW2-CloudFront-Out-Bytes, as AWS should be able to detect if outbound traffic is going to known CloudFront addresses, but can't find a clear distinction in any docs.
I'm concerned about the small chance that, since this is configured as a "custom" origin and going through a different DNS name, this may somehow be viewed and billed as traffic going out to the internet, and would like to have a confirmation either way.
- Language
- English
- Newest
- Most votes
- Most comments
Hello,
I agree with GenAI's response on this thread. The traffic should be classified as free when going from NLB to your CloudFront.
Here is some additional documentation for your reference:
- AWS CloudFront Pricing Documentation:
The official AWS CloudFront pricing page states: "Data transfer from AWS origins to CloudFront edge locations (Amazon CloudFront "origin fetches") is free of charge."
Source: https://aws.amazon.com/cloudfront/pricing/
- AWS Data Transfer Documentation:
In the AWS documentation on data transfer pricing, they clarify: "Data transferred from an AWS origin to Amazon CloudFront is free of charge."
Source: https://aws.amazon.com/ec2/pricing/on-demand/ (scroll down to "Data Transfer")
- AWS CloudFront Developer Guide:
In the section about CloudFront and custom origins: "When you use a custom origin, you pay only for the data transfer from your origin to CloudFront edge locations and from CloudFront edge locations to viewers. You don't pay for the data transfer from CloudFront to your custom origin."
Source: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CloudFrontOriginTypes.html
- AWS Networking and Content Delivery Blog: While not explicitly about billing, this blog post discusses the network path between origins and CloudFront, confirming that traffic stays within AWS's network:
"CloudFront retrieves content from origins over the AWS global network whenever possible, providing enhanced performance and security."
These documents collectively confirm that:
- Data transfer from AWS origins (including your NLB) to CloudFront is free.
- This applies even when using custom origins.
- AWS recognizes and treats this traffic specially, keeping it within their network.
When you use an internet-facing Network Load Balancer (NLB) as a custom origin for CloudFront, the data transfer from your NLB to CloudFront edge locations is free of charge. This traffic would be classified as USW2-CloudFront-Out-Bytes rather than USW2-DataTransfer-Out-Bytes.
AWS does indeed detect when traffic is going to CloudFront edge locations, even when you're using a custom domain name like "mynlb.example.com" that points to your NLB. The fact that you're using a CNAME record and a custom domain doesn't change how AWS identifies and bills this traffic.
Outbound traffic from AWS regions (including from load balancers) to CloudFront edge locations is free. You will still be charged for the data that eventually leaves the CloudFront edge locations to the internet (to your end users), but the specific segment between your NLB in us-west-2 and the CloudFront edge locations won't incur data transfer charges.
You would still pay for the NLB's Load Balancer Capacity Units (LCUs) and any other applicable charges, but the data transfer from the NLB to CloudFront edge locations would not be billed as internet data transfer.
Sources
ELB internet transfer cost | AWS re:Post
Interpret your AWS bill and usage reports for CloudFront - Amazon CloudFront
Could you give a direct link to the quote for "When you use a custom origin, you pay only for the data transfer from your origin to CloudFront edge locations and from CloudFront edge locations to viewers. You don't pay for the data transfer from CloudFront to your custom origin."? I don't see it on the page you linked (which actually just redirects to another page). Was that AI generated?