I am trying to understand the cost implications between S3 and EC2. I found this nice article, but it triggered the following confusion for me.
If the internet gateway is used to access the public endpoint of the AWS services in the same Region (Figure 1 – Pattern 1), there are no data transfer charges. If a NAT gateway is used to access the same services (Figure 1 – Pattern 2), there is a data processing charge (per gigabyte (GB)) for data that passes through the gateway.
AFAIK, a NAT gateway comes into the picture when EC2 wants to communicate with something outside. So, does this mean any S3 data transfer (ingress/egress) between a private subnet EC2 instance and S3 is not free (as I have configured NAT)? Similarly, is any S3 data transfer (ingress/egress) between the public subnet instances and S3 the only one that is free?
The term Data Transfer specifically refers to traffic going from AWS to the Internet. Therefore, any traffic between AWS services in the same Region does not attract Data Transfer costs.
However, there might be some charges for VPCs and NAT Gateways. These are not called "Data Transfer", but are instead specifically related to the service being used. See: Amazon VPC Pricing - Amazon Web Services
The endpoints of AWS services reside on the Internet. These are the locations where requests are sent, such as requests to launch an Amazon EC2 instance or to upload data to an Amazon S3 bucket.
If you have resources in a private subnet that wish to communicate with AWS services (such as Amazon S3), you can add a VPC Endpoint to your VPC. You will sometimes see these Endpoints referred to as connecting through AWS PrivateLink. For example, a VPC Endpoint for S3 acts as a 'shortcut' between the VPC and the S3 endpoints. There is no charge for traffic sent over a VPC Endpoint. This reduces the amount of traffic going via the NAT Gateway, and possibly even totally eliminates the need for a NAT Gateway.
See: Access AWS services through AWS PrivateLink - Amazon Virtual Private Cloud
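As an added example (not part of the question or the answer above), the following route-table simulation shows why the S3 gateway endpoint route removes the NAT Gateway data processing charge: the endpoint route is a more specific match than the 0.0.0.0/0 route to the NAT Gateway, so S3 traffic never reaches it. The prefix list contents, resource IDs and IP addresses are constructed for the example.

```python
# Added example: route-table lookup for the three patterns discussed above
# (public subnet via IGW, private subnet via NAT, private subnet with an
# S3 gateway endpoint). All IDs and address ranges below are constructed.
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for the regional S3 prefix list (real entries come from
# `aws ec2 describe-prefix-lists`); RFC 5737 documentation ranges, not AWS ranges.
PREFIX_LISTS = {"pl-s3-example": ["203.0.113.0/24", "198.51.100.0/24"]}

@dataclass(frozen=True)
class Route:
    destination: str  # CIDR, or a prefix-list ID such as "pl-s3-example"
    target: str       # "local", "igw-...", "nat-...", or "vpce-..."

def lookup(route_table, dst_ip):
    """Longest-prefix match over the route table, expanding prefix-list destinations."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_route = None, None
    for route in route_table:
        for cidr in PREFIX_LISTS.get(route.destination, [route.destination]):
            net = ipaddress.ip_network(cidr)
            if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_route = net, route
    return best_route

def charge(route_table, dst_ip, dst_is_same_region_aws):
    """Classify the per-GB charge the answer describes for a flow to dst_ip."""
    route = lookup(route_table, dst_ip)
    if route is None:
        return "no route"
    kind = route.target.split("-")[0]
    if kind == "nat":
        return "NAT Gateway data processing (per GB)"
    if kind == "igw" and not dst_is_same_region_aws:
        return "Data Transfer Out to the Internet (per GB)"
    return "no data transfer charge"  # local, vpce, or igw to a same-Region AWS service

VPC_CIDR = "10.0.0.0/16"
S3_IP, INTERNET_IP = "203.0.113.10", "192.0.2.50"  # constructed addresses
PUBLIC_RT = [Route(VPC_CIDR, "local"), Route("0.0.0.0/0", "igw-example")]
PRIVATE_RT = [Route(VPC_CIDR, "local"), Route("0.0.0.0/0", "nat-example")]
# The same private route table after the S3 gateway endpoint adds its prefix-list route.
PRIVATE_RT_WITH_VPCE = PRIVATE_RT + [Route("pl-s3-example", "vpce-example")]

if __name__ == "__main__":
    for name, rt in [("public", PUBLIC_RT), ("private", PRIVATE_RT), ("private+vpce", PRIVATE_RT_WITH_VPCE)]:
        print(f"{name:13} -> S3: {charge(rt, S3_IP, True)}; Internet: {charge(rt, INTERNET_IP, False)}")
```

Non-S3 traffic from the private subnet still takes the NAT route, so the endpoint only eliminates the NAT Gateway when S3 (or other endpoint-backed services) is the sole outbound destination.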