The three AWS edge-traffic services — Application Load Balancer, Network Load Balancer and API Gateway — get used interchangeably more often than the marketing pages suggest. They are not interchangeable, and the bill at the end of the quarter will tell you which one you actually needed.
This piece runs the same traffic through all three on a pinpole canvas and unpacks where each one shines, where each one quietly drains money, and the heuristic I have settled on after enough painful migrations.
What they actually bill on
- ALB — hourly base ($0.0225/hr) plus LCU. An LCU bundles new connections, active connections, processed bytes, and rule evaluations. The dimension that maxes out is what you pay for — usually new connections or processed bytes.
- NLB — hourly base plus NLCU. NLCUs charge per new flow, active flows, and bytes. Per-flow pricing is the killer at high connection churn.
- API Gateway HTTP API — flat $1.00 per million requests, plus data transfer. REST API is ~3.5× the price.
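To make "the dimension that maxes out is what you pay for" concrete, here is an added example (not from the original article or from pinpole) that computes ALB LCUs per dimension and bills the largest. The per-LCU capacities, the $0.008 LCU-hour price, the 10 free rules and the two traffic profiles are assumptions based on AWS's published us-east-1 figures and constructed inputs; the $0.0225/hr base and $1.00 per million requests come from the list above.

```python
from dataclasses import dataclass

HOURS_PER_MONTH = 730          # assumption: average month length
ALB_BASE_PER_HOUR = 0.0225     # from the article
ALB_LCU_PER_HOUR = 0.008       # assumption: us-east-1 list price, check current pricing
APIGW_HTTP_PER_MILLION = 1.00  # from the article (data transfer not included)
FREE_RULES = 10                # assumption: first 10 processed rules are not billed

# Assumption: what one LCU covers in each dimension (AWS's published values).
LCU_CAPACITY = {
    "new_connections": 25.0,       # new connections per second
    "active_connections": 3000.0,  # active connections per minute
    "processed_gb": 1.0,           # GB per hour (EC2/IP targets)
    "rule_evaluations": 1000.0,    # rule evaluations per second
}

@dataclass
class Profile:
    requests_per_sec: float
    new_conns_per_sec: float
    active_conns: float
    bytes_per_request: float
    rules_processed: int  # rules evaluated per request before one matches

def alb_lcus(p: Profile) -> dict:
    """LCUs consumed per hour in each dimension."""
    usage = {
        "new_connections": p.new_conns_per_sec,
        "active_connections": p.active_conns,
        "processed_gb": p.requests_per_sec * p.bytes_per_request * 3600 / 1e9,
        "rule_evaluations": p.requests_per_sec * max(p.rules_processed - FREE_RULES, 0),
    }
    return {dim: usage[dim] / LCU_CAPACITY[dim] for dim in usage}

def alb_monthly(p: Profile) -> tuple:
    """Return (billed dimension, monthly USD); only the largest dimension is charged."""
    lcus = alb_lcus(p)
    dominant = max(lcus, key=lcus.get)
    return dominant, (ALB_BASE_PER_HOUR + lcus[dominant] * ALB_LCU_PER_HOUR) * HOURS_PER_MONTH

def apigw_http_monthly(p: Profile) -> float:
    return p.requests_per_sec * 3600 * HOURS_PER_MONTH / 1e6 * APIGW_HTTP_PER_MILLION

# Constructed profiles: identical traffic, 10 vs 60 rules processed per request.
few_rules = Profile(200, 50, 2000, 2000, 10)
many_rules = Profile(200, 50, 2000, 2000, 60)

if __name__ == "__main__":
    for name, p in (("few_rules", few_rules), ("many_rules", many_rules)):
        dim, usd = alb_monthly(p)
        print(f"{name}: ALB ${usd:.2f}/mo (billed on {dim}), HTTP API ${apigw_http_monthly(p):.2f}/mo")
```

With identical traffic, moving from 10 to 60 processed rules shifts the billed dimension from new connections to rule evaluations.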
Cost across three workloads
Same traffic, different services. From a pinpole canvas simulation:
| Workload | ALB | NLB | API Gateway HTTP |
|---|---|---|---|
| Internal microservice, 5K RPS, persistent connections | $28/mo | $22/mo | $130/mo |
| Public REST API, 50M req/mo, short-lived TLS | $95/mo | $310/mo | $53/mo |
| WebSocket fleet, 100K concurrent | $220/mo | $180/mo | $1,100/mo |
| Public API w/ auth, throttling, JWT, 200M req/mo | $310/mo (+WAF +Cognito) | — | $210/mo (built-in) |
When each one is the right answer
ALB — the workhorse
Layer-7 routing, path-based rules, TLS termination, WAF integration. Best for fronting ECS/EKS services with HTTP traffic at moderate scale.
NLB — when you need raw L4
Static IP, TLS passthrough, extreme connection rates, non-HTTP protocols. Cheaper than ALB for long-lived connections; expensive for high churn.
API Gateway — when you need the platform
JWT auth, throttling, usage plans, request validation, native Lambda integration. Pay per request, no infrastructure to size.
The three most expensive misuses
- NLB for short-lived HTTPS connections. Per-flow charges make NLB up to 3× more expensive than ALB for browser-style traffic. NLB is for persistent or extreme-scale connections, not for "I heard it's faster."
- API Gateway in front of an internal service. Paying $1 per million requests for traffic that never leaves your VPC is a tax on convenience. Internal service-to-service should be ALB or service discovery, not API Gateway.
- ALB with thousands of listener rules. Each rule evaluation contributes to LCU. Teams that route hundreds of microservices through a single ALB sometimes pay more in rule-evaluation LCUs than they would in two smaller ALBs.
If the request is HTTP and crosses a public boundary with auth/throttling needs → API Gateway. If it's HTTP without those needs → ALB. If it's not HTTP, or if you need static IPs, or if connections are long-lived and dense → NLB. Anything else is a red flag worth simulating.
Running this on pinpole
On the canvas, the load balancer node exposes the full set of pricing dimensions — new connections per second, average connection duration, processed bytes per request, rule evaluations. Run the same traffic source through each variant and the cost simulator returns a live monthly bill per service. The differences are rarely subtle.
The right load balancer is a function of traffic shape, not preference.