AWSAmazon VPCNetworking

aws_ec2_transit_gateway cost estimation

A network hub connecting multiple VPCs, VPNs, and Direct Connects. $0.05/hour per attachment plus $0.02/GB processed.

An aws_ec2_transit_gateway is a central hub for inter-VPC, VPN, and Direct Connect routing. Right for organizations with multiple VPCs that need to communicate without N-to-N VPC peering.

Pricing has two main parts.

Attachment hours: each attachment to the TGW (VPC, VPN, Direct Connect Gateway, peering, Connect) costs $0.05/hour, or about $36/month per attachment. A TGW with 10 VPC attachments costs $360/month in attachment hours before any traffic.

Data processing: $0.02/GB for bytes flowing through the TGW. Note this is separate from regular AWS data transfer fees and applies to all traffic the TGW touches.

The TGW itself (the aws_ec2_transit_gateway resource) is free. You pay only for attachments. Multi-region TGW peering also bills per attachment-hour plus data processing.

Compared to alternatives: - VPC peering (aws_vpc_peering_connection): free as connections, only inter-AZ data transfer costs apply. Right for small numbers of VPCs without complex routing. - Cloud WAN (aws_networkmanager_*): higher-level wide-area network construct. Different pricing model with per-CNU rates. - VPN Gateway: lower per-hour cost but lacks TGW's multi-VPC routing capability.

TGW makes sense when you have more than ~5 VPCs that need to communicate, or when you need centralized inspection (security appliances) for inter-VPC traffic.

c3x reads transit gateway and attachment resources, multiplies by the per-attachment rate, and estimates data processing if specified in c3x-usage.yml.

Terraform example

A minimal but realistic configuration that C3X can estimate.

resource "aws_ec2_transit_gateway" "main" {
  description                     = "Production network hub"
  default_route_table_association = "enable"
  default_route_table_propagation = "enable"

  tags = {
    Name = "production-tgw"
  }
}

resource "aws_ec2_transit_gateway_vpc_attachment" "main" {
  subnet_ids         = aws_subnet.private[*].id
  transit_gateway_id = aws_ec2_transit_gateway.main.id
  vpc_id             = aws_vpc.main.id

  tags = {
    Name = "main-vpc-attachment"
  }
}

Pricing dimensions

What you actually pay for when you provision aws_ec2_transit_gateway.

DimensionUnitWhat's being charged
TGW attachment hoursper attachment per hourPer attachment (VPC, VPN, DX Gateway, peering, Connect). Multiplied by number of attachments.
$0.05/hour ≈ $36.50/month per attachment
Data processingper GB processedBytes flowing through the TGW. Applies to all traffic the TGW touches.
$0.02/GB
TGW peering attachment hoursper attachment per hourCross-region or cross-account TGW peering. Same per-hour rate as other attachments.
Transit Gateway resource itselffreeThe aws_ec2_transit_gateway resource has no charge. Cost is in the attachments.
$0

Optimization tips

Common ways to reduce aws_ec2_transit_gateway cost without changing the workload.

Consolidate VPCs before adopting TGW

$36/month per eliminated attachment

Each attachment is $36/month. For 5 small VPCs, that's $180/month in TGW costs before any traffic. Sometimes consolidating into fewer larger VPCs avoids the TGW entirely.

Use VPC peering for small topologies

Up to $108/month for small setups

If you have 3 or fewer VPCs that need mesh connectivity, VPC peering is free (you pay only inter-AZ data transfer). 3 VPCs = 3 peering connections. TGW is overkill until you have 5+ VPCs.

Watch data processing fees

$0.02/GB on bypassed traffic

$0.02/GB through the TGW is on top of regular AWS data transfer. For high-volume inter-VPC traffic, this adds up. Direct VPC peering avoids the data processing fee.

Remove unused attachments

$36/month per removed

Attachments from decommissioned VPCs or test setups continue to bill $36/month. Audit aws_ec2_transit_gateway_*_attachment resources for unused ones.

FAQ

TGW or VPC peering?

VPC peering for ≤5 VPCs in a simple mesh. TGW for 5+ VPCs, hub-and-spoke topologies, centralized inspection, or when you need to attach VPN/Direct Connect alongside VPCs. The crossover is roughly at 5-7 attachments where TGW's complexity savings justify the cost.

Does c3x include TGW data processing?

Attachment-hours are estimated directly. Data processing is usage-based; specify monthly_data_processed_gb in c3x-usage.yml on the TGW.

What about TGW Connect attachments?

TGW Connect attachments (used to integrate SD-WAN appliances) have the same per-hour fee as VPC attachments. They also add per-Connect-peer charges. c3x estimates them when declared.

Is cross-region TGW peering expensive?

Yes. Each peering attachment is $36/month plus data processing plus standard cross-region transfer fees on data that crosses regions. Multi-region TGW setups can easily hit $500-1000/month before traffic.

Related resources

AWS
aws_vpc

VPCs attach to the Transit Gateway

AWS
aws_vpn_connection

Alternative attachment type for on-premises connectivity

AWS
aws_directconnect_connection

Higher-throughput alternative for on-premises

Estimate this resource in your own Terraform

Free, open source, no API key. C3X parses your Terraform and shows line-item cost for every resource, including aws_ec2_transit_gateway.

Get StartedStar on GitHub
← Browse all AWS resources