Discovering ECS Fargate Fixed Costs (ALB + NAT Gateway) and Rethinking the Architecture
Introduction
I thought ECS Fargate was “pay only for what you use,” but when I actually ran it, I discovered fixed monthly costs of several thousand yen or more.
The culprits were ALB (Application Load Balancer) and NAT Gateway.
Understanding the Cost Structure
ECS Fargate costs fall into two main categories.
Variable Costs (pay for what you use)
| Item | Billing Unit |
|---|---|
| Fargate container | vCPU & memory × uptime |
| RDS | DB instance uptime |
Fixed Costs (charged constantly while running)
| Item | Tokyo region estimate (2024) | Monthly estimate |
|---|---|---|
| ALB | $0.0243/hr + LCU | ~$18+ / month |
| NAT Gateway (per AZ) | $0.062/hr + data transfer | ~$45+ / month |
NAT Gateway is charged per AZ. With multi-AZ configuration (2 AZs) for redundancy, NAT Gateway alone costs $90+/month.
Why I Didn’t Notice
I had the impression that “ECS Fargate is nearly free when no containers are running.” However, ALB and NAT Gateway are charged just by existing, regardless of container instance count.
Even if you scale tasks down to 0 thinking you’re saving money, fixed costs continue as long as ALB and NAT Gateway exist.
Architecture Revision
Before revision
Internet → ALB → ECS Fargate (Private Subnet)
↓
NAT Gateway → Internet (ECR/SSM outbound)
↓
RDS
After revision (minimum cost)
Internet → ALB → ECS Fargate (Private Subnet)
↓
VPC Endpoint (ECR/S3/SSM) ← NAT Gateway replacement
↓
RDS
Replace NAT Gateway with VPC Endpoints
| Resource | Purpose | Alternative |
|---|---|---|
| NAT Gateway | Pull images from ECR | VPC Endpoint for ECR |
| NAT Gateway | Access to S3 | VPC Gateway Endpoint for S3 (free) |
| NAT Gateway | SSM Parameter Store | VPC Endpoint for SSM |
VPC Endpoint Costs
VPC Endpoint (Interface type) costs $0.014/hr × number of AZs.
Using 3 endpoints in a single AZ:
- $0.014 × 3 = $0.042/hr
- Monthly: ~$30
This is cheaper than NAT Gateway ($0.062/hr × 1 AZ = $45/month).
ALB Alternatives (for dev/test environments)
For development cost reduction, removing ALB and accessing ECS directly is also an option.
| Method | Cost | Downside |
|---|---|---|
| With ALB | $18+/month | — |
| Without ALB (direct public IP) | Free | No HTTPS (requires self-signed cert, etc.) |
| Without ALB (via CloudFront) | Low cost | Complex configuration |
ALB is required for production, but we reconsidered whether ALB was needed for dev/test environments.
Revised Monthly Cost Estimate
| Resource | Configuration | Monthly estimate |
|---|---|---|
| ECS Fargate | 0.25vCPU × 0.5GB, 1 task, 24 hrs | ~$10 |
| RDS PostgreSQL | db.t4g.micro, single AZ | ~$15 |
| ALB | 1 unit | ~$18 |
| VPC Endpoint | Interface × 3 (single AZ) | ~$30 |
| S3 | Static file delivery | ~$1 |
| Total | ~$74/month |
Compared to before (NAT Gateway × 2 AZs), this saves about $30–40 per month.
Saving with Task Scale-Down
In dev environments, scaling ECS tasks to 0 overnight reduces Fargate compute costs.
# Scale down to 0 tasks (nights/weekends)
aws ecs update-service \
--cluster dvd-rental-cluster \
--service dvd-rental-service \
--desired-count 0
# Scale back to 1 when starting development
aws ecs update-service \
--cluster dvd-rental-cluster \
--service dvd-rental-service \
--desired-count 1
Note that fixed costs for ALB and NAT Gateway (or VPC Endpoint) remain unchanged.
Summary
Easy-to-miss ECS Fargate cost points:
- ALB has a $18+/month fixed cost — charged even when tasks = 0
- NAT Gateway costs $45+/month (per AZ) — doubles with multi-AZ
- Switching NAT Gateway → VPC Endpoint can save $15–30/month
- Use different configurations for dev vs. production — production needs multi-AZ, single-AZ is enough for dev
“Serverless is cheap” is half true — understanding the fixed costs of ALB and NAT Gateway upfront is critical.
Related Articles
→ Building a DVD Rental End-User App Alongside the Admin Dashboard — Vue 3 + Spring Boot Architecture Overview
→ Building a DVD Rental Admin App with Spring Boot + Thymeleaf on the dvdrental Sample Database