How to Virtually Eliminate Cloud Storage Egress Fees

How to Virtually Eliminate Cloud Storage Egress Fees
Photo by JJ Ying / Unsplash

As discussed in a Cloudflare Blog post, one of the most annoying and costly parts of cloud storage and cloud computing is the storage egress costs. AWS charges a crazy $0.09 per GB of data that leaves their datacenters to the public internet. I would be charged $9 to download 100GB on AWS, which is over 4x the monthly bill for those 100GB to be stored in AWS’s most costly storage tier: S3 Standard.

A notable example of these egress costs crippling a perfectly fine cloud migration is with NASA. NASA wanted to transfer Petabytes of data into AWS to help analyze the data and increase its effectiveness. Unfortunately, they forgot to factor in the network egress costs of both employees and the public accessing this data. And now that they have moved their data into S3, it is prohibitively expensive to export it.

Cloud storage doesn’t need to be like this. Other providers such as StorJ or Wasabi Cloud Storage have significantly reduced or eliminated data egress fees. However, companies still rely on AWS and S3 because of its tight integration.

Backblaze B2 seems to have the perfect balance. They have both a US and an EU datacenter storing your data for only $5/TB/month. Now, this isn’t like S3 glacier, your data is accessible in milliseconds from B2 and their egress is only $.01/GB. And there is a way to reduce it to nothing.

Backblaze is part of the Bandwidth Alliance which allows mutual customers of both cloud storage and CDN companies only pay one bill for egress, or in our case, no bill.

Both Cloudflare and Backblaze are part of this Bandwidth Alliance, and Cloudflare offers a free-tier that offers security protection including DDoS protection for websites as well as DNS and CDN. We are interested in the CDN part...

Each Backblaze B2 bucket has an HTTPS endpoint, usually something like If we take that hostname and proxy it through Cloudflare, any bandwidth used from that bucket, using your proxied hostname, will be classified as “Free Transfer” and therefore costing you nothing.

Go to your DNS settings in Cloudflare and set the Backblaze domain as the CNAME to a subdomain that you control, and make sure that it is proxied. It should look something like this.

There is one quick note about this approach. Ensure that your Cloudflare Firewall rules (located under the “Rules” tab) block the use of your proxied CNAME to accessing other Backblaze buckets. You can simply add a rule that allows traffic to your specific endpoint and blocks every other use of that CNAME and redirects the user to the Backblaze error page.

With that, you should be able to now have your static assets served via a CDN with no data egress fees when a cache MISS from Cloudflare occurs!

Although this process is meant for small media files to be cached by Cloudflare or Fastly, this can work with larger file from Backblaze. These files will just have a DYNAMIC CF-CACHE-STATUS, which means that Cloudflare will not cache these files. However, will all free tiers (especially with cloud storage and computing), using common sense and only downloading a reasonable ammount will help keep this efficient CDN caching solution open for all to benefit from.