Multi-cloud egress: when leaving AWS for cheaper egress actually pays for itself

Egress is the line item that gets quoted in conference talks but rarely audited in actual bills. Everyone knows AWS charges for data leaving the cloud. Far fewer engineering teams know what they pay for it last quarter, or whether the workload that does the bleeding could live somewhere cheaper.

We field this question every few weeks: "Cloudflare R2 has free egress. Should we move?" The answer is almost always "it depends", and the dependencies are not the ones you read about online. Below are the numbers, the three workload shapes that pay back fast, and the three that look attractive on a slide and lose money in production.

The numbers, in May 2026

Public list prices for outbound internet egress, ignoring the small free tiers and assuming you are past the first 100 GB:

• AWS: roughly $0.09 per GB at low volumes, dropping to $0.05 per GB once you cross 150 TB per month.
• Azure: very similar to AWS, $0.087 per GB down to $0.05 at 150 TB.
• GCP: $0.12 per GB for the first 1 TB, then tiered down to $0.08 at 10 TB and beyond.
• Cloudflare R2: $0.00 per GB egress. Storage is $0.015 per GB-month and operations are charged per million.

For a workload pushing 50 TB a month outbound, AWS and Azure run about $3,500 to $4,000 per month in egress alone. R2 storage on the same 50 TB sits at $750 per month, plus operations, which depending on access pattern lands somewhere between $50 and $500 per month. Call it $1,000 a month all-in for R2 versus $4,000 for AWS. The delta is real.

We built a side-by-side calculator that does this for whatever volume and access pattern your workload actually has. Multi-cloud egress cost calculator. It compares AWS, Azure, GCP, and R2 in one view, with realistic tier breakpoints. No email.

What you do not see in the egress quote

The list price is one of three numbers that decide whether the move pays back. The other two are migration cost and operational drift.

Migration cost is the obvious one. Moving 50 TB out of S3 into R2 at the AWS list rate is itself $4,500 in egress, paid once. AWS Snowball or Snowmobile gets cheaper at petabyte scale, but for a workload in the 10 to 100 TB range, the most common move is direct S3 to R2 over the public internet, eating one month of egress as the cost of the migration.

Operational drift is the number nobody quotes. R2 is S3-compatible at the API level, but every IAM policy, every lifecycle rule, every replication target, every Lambda trigger tied to S3 events needs a replacement. Cloudflare Workers can replace most Lambda triggers cleanly. Replication, lifecycle, and Glacier-equivalent storage tiers are where the analogy starts to fray. We have seen teams underestimate this by a factor of three, every time.

Three workload shapes where the move pays back

1. Public static assets with a long tail

Image-heavy CMS, video thumbnails, marketing assets, software installers, OS image archives, podcast back-catalogs. Anything that is read by the public, served through CDN, and rarely rewritten. These workloads are pure egress. Storage cost is small relative to bandwidth cost. The S3 to R2 migration is mechanical (a single rclone or AWS DataSync job), the Workers replacement for Lambda edge logic is straightforward, and there is no IAM-policy explosion because the bucket is mostly read-only public anyway.

Payback math on a typical 30 TB image archive serving 200 TB of egress per month: AWS bill around $14,000, R2 bill around $500. $13,500 a month saved against a one-time $2,700 migration cost. Pays back in week one. We have moved three of these for clients in the last twelve months. None have moved back.

2. Customer-facing data export

SaaS products that let customers export their data, download reports, pull database snapshots, or stream audit logs. The data sits in S3 but the egress goes to the customer, not internal compute. If the storage layer can be swapped without retraining the product, R2 is a real candidate. Worth checking before assuming the move is safe: replication requirements, regional residency, and whether your data processing agreements with customers reference S3 specifically.

Caveat: if the export volume is small, this is not worth touching. Below 5 TB per month outbound, the egress saving is in the low hundreds per month and the migration distraction is worth more.

3. CDN origin for a workload that already runs on Cloudflare

If you already run Cloudflare in front of your application, switching the origin from S3 to R2 removes a paid egress hop. The Bandwidth Alliance subsidizes nothing about your S3 to Cloudflare link, you pay AWS egress on every cache miss. Moving the origin to R2 makes that cache-miss cost zero. For a high cache-hit-ratio workload it does not move the needle. For a workload with a 20% cache miss rate on a TB-scale bucket, the saving is meaningful.

Three workload shapes where the move never pays

1. Compute that lives in AWS and reads from S3 a lot

EMR, SageMaker, Glue, Athena, EKS pods reading training data, EC2 instances pulling configs at boot, Lambda functions processing objects. The compute is in AWS. The reads are the dominant traffic pattern. There is no egress charge today because the traffic stays on the AWS network. Moving the storage to R2 turns every read into a public-internet pull, billed at AWS ingress rates ($0, but adds latency and reliability complications) and at R2 operations rates. The math goes the wrong way.

If you are tempted to migrate this kind of workload because of an egress slide, look at the actual DataTransfer-Out-Bytes metric for that bucket. If most reads happen inside AWS, your egress cost is small to begin with, and your savings are smaller.

2. Workloads with strict data residency or sovereignty needs

R2 distributes objects globally. There are no per-region buckets in the way S3 has. For a workload that needs data to physically reside in eu-west-1 or in a specific country, R2 is not a fit, no matter how attractive the egress price is. Cloudflare R2 Jurisdictional Restrictions exist (EU and FedRAMP), but they are coarser than what AWS offers and they cost extra. Read the fine print before modeling.

3. Heavy-write workloads with low egress

If your bucket is an event store, an audit log archive, or a backup target with infrequent reads, your AWS bill is dominated by storage and PUT operations, not egress. R2 storage is similar to S3 Standard, and R2 Class A operations (writes) are more expensive than S3 PUTs at scale. The economics flip. We saw one team save less than $200 a month on a $20,000 storage bill by moving, then spend a quarter unwinding their lifecycle rules. Not a recommended outcome.

The decision framework, in three questions

1. What is the egress as a percentage of the bucket's total cost? Pull aws s3api list-buckets, then for each candidate bucket query Cost Explorer filtered to DataTransfer-Out-Bytes. If egress is more than 60% of the bucket's total cost, the bucket is a migration candidate. If it is below 30%, it is not.
2. Where do the reads come from? Internal AWS compute (a non-candidate), public internet via CDN (a strong candidate), or named third-party endpoints (case by case). CloudFront access logs and S3 server access logs both have enough information to answer this in an afternoon.
3. What does the storage layer integration look like? List every IAM policy, Lambda trigger, replication rule, lifecycle policy, and KMS key reference for the bucket. Anything that is not S3-API-compatible is migration scope, and migration scope eats payback time.

Three honest answers and you have your decision. If the bucket passes all three, the move is usually worth it. If any one is weak, model the migration cost carefully before committing.

What we recommend on actual audits

On a typical multi-cloud audit, we find that 5 to 15 percent of the AWS S3 line item is egress on workloads that fit one of the three "move pays back" shapes. For a $200,000 a month AWS bill where S3 is 8% of total spend and egress is 30% of S3, that is roughly $4,800 a month leaving the budget for no operational reason. Over a year, $57,600. The migration cost on the first such workload is usually 4 to 6 weeks of one engineer's time, plus a one-time AWS egress charge equal to one month of the workload's outbound traffic.

Payback in 6 to 9 months on the first workload. Faster on the second once the team has the playbook. We do not recommend moving every bucket. We do recommend identifying the three or four where the math is unambiguous, moving those, and leaving the rest where they live.

What we run on every audit, for egress

• Top 10 buckets by DataTransfer-Out-Bytes for the last 90 days.
• For each, the read source breakdown: internal AWS compute, CloudFront, named external IPs, public internet.
• Per-bucket egress as a percentage of total bucket cost.
• NAT Gateway data processed for the same accounts, since NAT egress is often a hidden multiplier on what looks like S3 egress.
• Lambda and EC2 egress, broken out separately. (Lambda response payloads count as egress; many teams forget this.)
• Cross-region replication egress, often the largest hidden line item.
• VPC endpoint coverage for S3 and DynamoDB. (Missing endpoints push reads through NAT, billed as egress.)

Half of these are visible in Cost Explorer if you know the right filters. The other half need the Cost and Usage Report plus Athena. The reason most teams do not catch them is the same as every other cost finding: nobody owns the routine.

The tool, and the audit

If you want to run the math yourself in five minutes, the multi-cloud egress calculator covers the four major providers side by side. Plug in your monthly volume, source cloud, destination, and region tier. It tells you what each provider would charge for that exact workload.

If you want us to run it across your real bill and identify the candidate buckets, the 14-day free audit covers exactly that, plus the rest of the cost surface on AWS and Azure. Read-only access, no card, one-page report at the end.

---

Want to compare your actual egress bill across all four providers before deciding? Start with the free calculator, or skip ahead and let us run the audit.