CloudFront Cost Reduction: Looking Closer at AWS Security Savings Bundle

Many businesses that rely heavily on the cloud end up dealing with hefty CloudFront costs. In particular, for companies that provide media services or services with a large proportion of video, image, and audio data transmission, CloudFront costs can become inevitably burdensome.  

Until now, businesses that use Cloudfront have not had many techniques that can significantly reduce costs. Companies that use large volumes of CloudFront are able to benefit from lower pricing with customized volume discounts. Meanwhile, companies that do not use large volumes of CloudFront end up paying full costs. 

On February 5, 2021, Amazon announced a new discount policy called the CloudFront Security Savings Bundle, which introduces a new way to save on cloud costs. 

What is CloudFront?

CloudFront is a CDN (Content Delivery Network) service provided by Amazon that can be used by integrating EC2, S3, and ELB services within AWS. It also provides advanced security functions by integrating with AWS Shield, WAF (Web Application Firewall), and Route 53.  

CloudFront service pricing options

  • Free-Tier: When you first sign up for AWS, you get 50 GB per month and 2 million HTTP/HTTPS requests free for one year.
  • On-Demand: You are billed for actual usage. 
  • Rate discount: 
    • Custom Pricing: If you use more than 10TB per month, you can get a discount by committing to a certain amount of usage.
    • Security Savings Bundle: Save up to 30% on a monthly subscription for one year. 

CloudFront pricing breakdown

CloudFront pricing is largely composed of the following costs: 

TypePrice RangeDescription
DTO(Data Transfer Out) to Internet$0.020 ~ $0.170Charges are incurred when data is delivered to users over the Internet from edge to edge
Regional Data Transfer Out to Origin$0.020 ~ $0.160 (per GB)The cost (i.e., POST and PUT requests) of delivering data to origin fetches at the request of the user 
HTTP/HTTPS request$0.0075 ~ $0.0220
(per 10,000 units)
Charges for HTTP or HTTPS requests from users (per 10,000) 
Origin Shield Requests$0.0075 ~ $0.0090
(per 10,000 units)
Origin Shield request charges for HTTP 
Invalidation request$0.005
(per request route)
Charge for file deletion requests from all edges before time-to-live (TTL) expires 
Field Level Encryption Requests$0.02
(per 10,000 requests)
Additional encryption costs by using a specific key within HTTPS 
Real-time log requests$0.01
(per 1 million units)
Real-time request information for data transmission 
Dedicated IP custom SSL$600 per month for each customer SSL certificationUsed to send content to browsers that do not support Server Name Indication (SNI). Users pay 600 USD per month for each custom SSL certificate 

How to Reduce CloudFront Costs

CloudFront pricing class configuration

CloudFront offers three pricing classes:

Edge locations are priced differently by region. When a user requests data transmission, data is transmitted from the nearest edge; the price is different for each edge.

 Edge Locations Included Within United States, Mexico, & Canada Europe & Israel South Africa, Kenya, & Middle East South AmericaJapanAustralia & New ZealandHong Kong, Philippines, Singapore, South Korea, Taiwan, & Thailand

India 

DTO pricing$0.085$0.085$0.110$0.110$0.114$0.114$0.140$0.170
All Edge locationsYesYesYesYesYesYesYesYes
Us, Canada, Europe, Asia and MEAYesYesYesxYesxYesYes
Only US, Canada and EuropeYesYesxxxxxx

In the case of global service, if you distribute content to all edges, it’s hard to reduce costs. However, if latency or transmission speed is not an issue for you, selecting the US, Canada and Europe region will allow data transmission to be set at a lower priced edge, thereby saving you money. 

Cache-Control

It is important to ensure that the expiration period is not too short in the cache-control and Expires header, so that each file is stored at the edge and in the browser for as long as possible. If adjusted appropriately, the amount of data downloaded to the browser can be minimized. 

CloudFront Security Savings Bundle

The two methods introduced earlier do not apply in all cases, and methods such as cache-control require too much effort to set up. The most effective way to reduce CloudFront costs is to use the Savings Bundle. 

Savings Bundle summary

  • Must commit to a certain monthly fee (USD) for one year 
  • Applied in the form of monthly credit, so you can get up to a 30% discount 
  • Receive and redeem AWS WAF credits of up to 10% of your commitment, so you can get an extra discount when using WAF 

Savings Bundle example

If you use $600 per month, the commitment amount can be calculated as follows: 

$600 * 70% = $420 

By committing to $420 per month, you can save $180 per month and $2,160 per year. In addition, AWS WAF credits come out to $42 per month. 

How to determine your Savings Bundle commitment amount

Most companies do not have a constant monthly CloudFront usage. Below is a simple  guideline for determining the commitment amount.  

  • It’s most effective to use the contracted amount so that it can be used on a monthly basis since it’s not carried over when the contracted amount is not used. 
  • Look at your expense history over the past few months to determine how much you can spend on all your commitments on a monthly basis. In the example shown below, it is effective to set a contract amount of $580 to $600. 
If you have committed $400 from September 1, 2019, the cost will be as follows:
  • After the contract has expired, CloudFront costs are reviewed every few months, and if the on-demand cost continues above a certain amount, additional savings can be achieved by making an additional Savings Bundle agreement. In the example below, you can save even more by making an additional commitment of about $300. 
  • If you don’t re-commit after your commitment period is over, you will have to pay the On-Demand amount, so you need to be extra wary of your commitment expiration date. 

 

Cost savings using CloudFront for EC2 or S3 traffic

In the case of using web services with EC2, CloudFront can become expensive, but you can save costs when applying the Savings Bundle. 

In the case of S3, it is more expensive than the on-demand price of CloudFront, but if you use the Savings Bundle, you can use it at a much faster transfer speed while benefiting from a lower price.  

The table below compares the data transmission cost of each service of the Seoul Region. The lowest priced services according to their transmission capacity are marked in yellow. As shown in the table below, using the CloudFront Savings Bundle can significantly reduce data transfer costs. 

Reference

© 2021 Grumatic Inc. All Rights Reserved