I'll add: When doing instance to instance communication (in the same AZ) always use private ips. If you use public ip routing (even the same AZ) this is charged as regional data transfer.

Even worse, if you run self hosted NAT instance(s) don't use a EIP attached to them. Just use a auto-assigned public IP (no EIP).

  NAT instance with EIP
    - AWS routes it through the public AWS network infrastructure (hairpinning).
    - You get charged $0.01/GB regional data transfer, even if in the same AZ.

  NAT instance with auto-assigned public IP (no EIP)
    - Traffic routes through the NAT instance’s private IP, not its public IP.
    - No regional data transfer fee — because all traffic stays within the private VPC network.
    - auto-assigned public IP may change if the instance is shutdown or re-created so have automations to handle that. Though you should be using the network interface ID reference in your VPC routing tables.

> You get charged $0.01/GB regional data transfer, even if in the same AZ.

My understanding is that transfer gets charged on both sides as well. So if you own both sides you'll pay $0.02/GB.