Introduction
Cloud pricing is designed to be incomprehensible. Not maliciously — but the sheer number of dimensions (compute, storage, transfer, operations, features, support, reservations) across hundreds of services creates a complexity that even experienced cloud architects struggle to navigate.
This post does not attempt to provide a comprehensive pricing calculator. Instead, it examines the pricing philosophies that drive each provider's cost structure, identifies the hidden costs that most comparisons miss, and models total cost of ownership for realistic workloads to show when each provider's pricing model works in your favor.
The thesis: Cloudflare's pricing is designed for predictability. Hyperscaler pricing is designed for optimization. Neither is universally better, but they reward very different operational behaviors.
Pricing Philosophies
Cloudflare: Flat-Rate, Plan-Based
Cloudflare's core pricing model is plan-based. You pay a flat monthly fee per zone (domain) and get a bundle of features:
| Plan | Monthly Cost | Annual Cost | Key Inclusions |
|---|---|---|---|
| Free | $0 | $0 | Unlimited CDN bandwidth, DNS, DDoS, basic WAF, SSL/TLS |
| Pro | $25/zone | $20/zone ($240/yr) | Managed WAF, image optimization, bot fight mode, 20 page rules |
| Business | $250/zone | $200/zone ($2,400/yr) | Advanced rate limiting, 100% SLA, custom certificates, 50 page rules |
| Enterprise | Custom | Custom | Custom WAF rules, bot management, priority support, advanced analytics |
The critical insight: traffic volume does not change the price. A site serving 1TB/month and a site serving 100TB/month on the Pro plan both pay $25/month ($20/month with annual commitment). There are no bandwidth overage charges, no per-request fees for CDN or security features, and no scaling costs for DDoS attacks.
Usage-based services (Workers, R2, D1, KV) have their own pricing, but with generous free tiers and simple per-unit rates:
| Service | Free Tier | Paid Pricing |
|---|---|---|
| Workers | 100K requests/day | $0.30/million requests + $0.02/million CPU-ms |
| R2 | 10GB storage, 10M reads | $0.015/GB storage, $0 egress |
| D1 | 5M reads/day, 100K writes/day | $0.001/million reads, $1.00/million writes |
| KV | 100K reads/day, 1K writes/day | $0.50/million reads, $5.00/million writes |
AWS: Metered, Dimension-Rich
AWS pricing is per-unit, per-dimension, per-service. A single S3 bucket incurs charges for:
- Storage per GB per month (varies by storage class)
- PUT, COPY, POST, LIST requests per 1,000
- GET, SELECT requests per 1,000
- Data transfer out to internet per GB (tiered by volume)
- Data transfer to other AWS regions per GB
- Lifecycle transition requests
- S3 Inventory, Analytics, Object Lock (if enabled)
- Data retrieval charges (for IA/Glacier classes)
Multiply this by 200+ AWS services and you understand why AWS billing is a category of expertise unto itself.
AWS provides three main discount mechanisms:
| Mechanism | Savings | Commitment | Flexibility |
|---|---|---|---|
| Savings Plans | 30-72% | 1 or 3 years | Compute: any instance family/region. EC2: specific family/region |
| Reserved Instances | Up to 72% | 1 or 3 years | Specific instance type, region, OS |
| Spot Instances | Up to 90% | None | Can be interrupted with 2-min warning |
These discounts are powerful but require capacity planning expertise and willingness to commit.
CloudFront Flat-Rate Pricing Plans
In November 2025, AWS introduced flat-rate pricing plans for CloudFront that represent a significant departure from their traditional metered model. These plans bundle CDN, WAF, DDoS protection, Route 53 DNS, CloudWatch log ingestion, CloudFront Functions (serverless edge compute), and S3 storage credits into a single monthly price with no overage charges:
| Plan | Monthly Cost | Data Transfer | Requests | WAF Rules | S3 Credit |
|---|---|---|---|---|---|
| Free | $0 | 100 GB | 1M | 5 | 5 GB |
| Pro | $15 | 50 TB | 10M | 25 | 50 GB |
| Business | $200 | 50 TB | 125M | 50 | 1 TB |
| Premium | $1,000 | 50 TB | 500M | 75 | 5 TB |
Each plan covers one CloudFront distribution (one apex domain). If usage exceeds plan allowances, AWS throttles performance rather than billing overages — DDoS traffic is excluded from allowance calculations.
A critical cost advantage for AWS customers: data transfer from any AWS origin (S3, EC2, ALB, etc.) to CloudFront is free. This means organizations already on AWS pay zero origin egress when using CloudFront, whereas using Cloudflare in front of AWS infrastructure still incurs standard AWS egress charges from origin to Cloudflare.
The flat-rate plans do have limitations: no Lambda@Edge (only CloudFront Functions), no real-time access logs, one domain per plan, and the bundled WAF/DDoS is less comprehensive than AWS Shield Advanced ($3,000/month). But for many workloads, these plans make AWS's edge pricing directly competitive with Cloudflare's.
Azure: Metered + Enterprise Agreements
Azure's pricing structure mirrors AWS in per-unit metering but adds enterprise complexity through licensing:
- Pay-as-you-go: Standard metered pricing, similar to AWS on-demand
- Azure Reserved Instances: 1-3 year commitments for 35-72% savings
- Enterprise Agreements (EA): Negotiated pricing for large organizations, typically with committed spend
- Microsoft Customer Agreement (MCA): Simplified contracting for mid-market
- Azure Hybrid Benefit: Use existing Windows Server and SQL Server licenses to reduce Azure VM costs by up to 85%
The Azure Hybrid Benefit is significant: organizations with existing Microsoft licensing (Windows Server, SQL Server) can apply those licenses to Azure VMs, dramatically reducing compute costs. This makes Azure uniquely cheap for Windows-based workloads.
Azure's licensing complexity means that two organizations with identical workloads may pay very different amounts based on their enterprise agreement, existing licenses, and committed spend.
Google Cloud: Metered + Automatic Discounts
Google Cloud pricing is metered like AWS but with more automatic discounts:
- Sustained Use Discounts (SUDs): Automatic discounts up to 30% for VMs running more than 25% of the month — no commitment required
- Committed Use Discounts (CUDs): 1-3 year commitments for 37-55% savings
- Preemptible / Spot VMs: Up to 91% discount, with 24-hour maximum runtime and preemption risk
- Flat-rate pricing for BigQuery: Option for fixed monthly compute pricing for analytics workloads
Google's Sustained Use Discounts are the most customer-friendly automatic discount in cloud computing. If you run a VM for an entire month, you automatically pay about 30% less than the on-demand rate — with no commitment, no configuration, and no risk. AWS has no equivalent automatic discount.
Hidden Costs: What Pricing Pages Don't Emphasize
Data Transfer: The Tax on Success
Data transfer costs are the largest hidden expense in cloud computing. The pricing pages for each service show per-GB compute and storage costs prominently. Data transfer rates are buried in separate pages.
Egress to internet (per GB, first 10TB tier):
| Provider | Cost |
|---|---|
| Cloudflare | $0 (CDN, R2, all services) |
| AWS | $0.09 |
| Azure | $0.087 |
| Google Cloud | $0.12 |
Cross-region transfer (per GB):
| Provider | Cost |
|---|---|
| Cloudflare | N/A (auto-distributed) |
| AWS | $0.01-0.02 |
| Azure | $0.01-0.02 (intra-continent), $0.05-0.16 (inter-continent) |
| Google Cloud | $0.01 (intra-continent), $0.05-0.08 (inter-continent) |
Cross-AZ transfer (per GB, same region):
| Provider | Cost |
|---|---|
| Cloudflare | N/A |
| AWS | $0.01 each direction ($0.02 round trip) |
| Azure | Free (within same region) |
| Google Cloud | Free (within same region) |
AWS's cross-AZ charge is uniquely punitive. A high-availability architecture with services spread across three AZs — which AWS itself recommends — generates cross-AZ transfer costs on every internal service call, database replication event, and log shipment. For a moderately chatty microservices architecture, cross-AZ costs of $500-2,000/month are common and often discovered only after deployment.
NAT Gateway: AWS's Stealth Cost
AWS NAT Gateways — required for private subnet resources to reach the internet — charge $0.045/hour ($32.40/month) plus $0.045/GB processed. A single NAT Gateway processing 1TB/month costs $77.40/month. Multi-AZ deployments typically need one per AZ, tripling the cost.
For applications that make frequent outbound API calls (webhooks, third-party integrations, downloading data), NAT Gateway data processing charges can exceed the compute costs of the instances behind it.
No other provider has an equivalent stealth charge. Azure, Google, and Cloudflare do not charge per-GB for NAT-equivalent functionality.
Monitoring and Logging
CloudWatch costs on AWS accumulate silently:
- Custom metrics: $0.30/metric/month (first 10,000)
- Dashboard: $3/dashboard/month
- Logs ingestion: $0.50/GB
- Logs storage: $0.03/GB/month
- Alarms: $0.10/alarm/month
A production workload with 50 custom metrics, 5 dashboards, 100GB logs/month, and 20 alarms costs approximately $85/month just for monitoring. This is often not included in TCO comparisons. Note: AWS's CloudFront flat-rate plans now bundle CloudWatch log ingestion for CDN and WAF at no additional cost, reducing this figure for edge-heavy workloads — though backend infrastructure monitoring (EC2, RDS, Lambda) still incurs variable charges.
Azure Monitor has similar per-unit log ingestion costs ($2.76/GB ingested into Log Analytics).
Google Cloud provides 50GB/month of free logging, more generous than AWS or Azure.
Cloudflare includes analytics and basic logging in all plans. Logpush (detailed log export) is available on Enterprise plans.
Support Plans
Support is frequently omitted from pricing comparisons but can be a major expense:
| Provider | Tiers | Cost Range |
|---|---|---|
| Cloudflare | Email (free), Priority (Business+), Premium (Enterprise) | $0 - included in plan |
| AWS | Developer, Business, Enterprise On-Ramp, Enterprise | $29 - $15,000+/month (or 3-10% of bill) |
| Azure | Developer, Standard, Professional Direct, Premier | $29 - custom |
| Standard, Enhanced, Premium | Included - $12,500+/month |
AWS Business support costs the greater of $100/month or 3-10% of your monthly bill. On a $50,000/month bill, that is $1,500-5,000/month just for support. This alone can exceed the entire cost of a Cloudflare Business plan.
Total Cost of Ownership: Realistic Scenarios
Scenario 1: SaaS Application (Public-Facing Web App)
Workload: Web application serving 50M page views/month, 10TB CDN bandwidth, 500GB database, API backend, user-uploaded files (2TB stored, 5TB/month served).
| Component | Cloudflare + Workers | AWS (Pay-As-You-Go) | AWS (CloudFront Flat-Rate) | Google Cloud |
|---|---|---|---|---|
| CDN (10TB bandwidth) | $0 (Pro plan) | $850 (CloudFront) | $200 (Business plan) | $800 (Cloud CDN) |
| Compute (API backend) | $50 (Workers) | $200 (Fargate) | $200 (Fargate) | $100 (Cloud Run) |
| Database | $30 (D1) | $200 (RDS PostgreSQL) | $200 (RDS PostgreSQL) | $150 (Cloud SQL) |
| Object storage (2TB) | $30 (R2) | $46 (S3) | $46 (S3) | $40 (GCS) |
| Storage egress (5TB) | $0 (R2) | $450 (S3 egress) | $0 (via CloudFront) | $500 (GCS egress) |
| DDoS + WAF | $25 (Pro plan) | $75 (WAF) | $0 (bundled) | $50 (Cloud Armor) |
| DNS | $0 | $5 (Route 53) | $0 (bundled) | $5 (Cloud DNS) |
| SSL/TLS | $0 (included) | $0 (ACM) | $0 (ACM) | $0 (managed) |
| Monitoring | $0 (included) | $85 (CloudWatch) | $50 (CDN logs bundled) | $30 (Cloud Monitoring) |
| Support | $0 (Pro plan email) | $100 (Business minimum) | $100 (Business minimum) | $0 (Standard) |
| Total | ~$135/month | ~$2,011/month | ~$796/month | ~$1,675/month |
Cloudflare's total is 83% cheaper than the best AWS option (CloudFront flat-rate) and 92% cheaper than Google Cloud for this workload. With AWS pay-as-you-go pricing, the gap widens to 93%.
The AWS flat-rate column uses the CloudFront Business plan ($200/month, bundling CDN, WAF, DDoS, DNS, and CloudWatch CDN logs with 50TB transfer and 125M requests). Storage egress drops to $0 because S3 content served via CloudFront incurs no origin-to-CloudFront transfer cost and CDN delivery is covered by the plan. The flat-rate plan cuts AWS's total cost by 60%, but the remaining gap is driven by backend costs: Workers ($50) vs. Fargate ($200) and D1 ($30) vs. RDS ($200).
Important caveats: This scenario maximizes Cloudflare's advantage (high bandwidth, egress-heavy, workload fits edge constraints). The Cloudflare architecture assumes your workload fits within Workers' constraints and D1's capabilities. If you need a full PostgreSQL with complex queries, the $200 RDS cost is not avoidable. Cloudflare pricing shown uses monthly rates ($25/month Pro plan); annual commitment reduces this to $20/month.
Scenario 2: Data-Intensive Backend (Low Public Traffic)
Workload: Data processing pipeline. 100GB data ingestion/day, 5TB stored, heavy compute (ML inference), minimal public-facing traffic.
| Component | Cloudflare | AWS | Google Cloud |
|---|---|---|---|
| Compute (ML inference) | Not viable (Workers limit) | $500 (g4dn.xlarge Spot) | $400 (n1-standard-4 + T4 Spot) |
| Storage (5TB) | $75 (R2) | $115 (S3) | $100 (GCS) |
| Data processing | Not viable | $300 (Lambda + Step Functions) | $250 (Dataflow) |
| Database | Not viable (10GB D1 limit) | $400 (RDS r6g.xlarge) | $350 (Cloud SQL) |
| Internal transfer | N/A | $100 (cross-AZ) | $0 |
| Monitoring | N/A | $50 (CloudWatch) | $20 (Cloud Monitoring) |
| Total | Not suitable | ~$1,465/month | ~$1,120/month |
For compute-heavy backend workloads, Cloudflare's platform cannot serve the primary compute needs. Workers' 128MB memory and 30-second limit make ML inference, large data processing, and complex database operations impractical. This is a hyperscaler workload.
Google Cloud wins this scenario due to lower Spot GPU pricing and no cross-AZ transfer charges.
Scenario 3: Hybrid Architecture (Edge + Regional)
Workload: Global e-commerce platform. Edge for CDN, auth, personalization. Regional for order processing, inventory, payments. 100M requests/month, 20TB CDN bandwidth.
| Component | Cloudflare Edge + AWS Backend | Pure AWS (Pay-As-You-Go) | Pure AWS (CloudFront Flat-Rate) | Pure Google Cloud |
|---|---|---|---|---|
| CDN (20TB) | $0 (Cloudflare) | $1,700 (CloudFront) | $200 (Business plan) | $1,600 (Cloud CDN) |
| Edge compute | $60 (Workers) | $0 (CloudFront Functions) | $0 (CloudFront Functions) | N/A |
| DDoS + WAF | $250 (Business plan) | $3,075 (Shield Advanced + WAF) | $0 (bundled) | $100 (Cloud Armor) |
| Regional compute | $400 (Fargate on AWS) | $400 (Fargate) | $400 (Fargate) | $350 (Cloud Run) |
| Database | $300 (RDS on AWS) | $300 (RDS) | $300 (RDS) | $250 (Cloud SQL) |
| Object storage | $30 (R2) | $50 (S3) | $50 (S3) | $40 (GCS) |
| Storage egress | $0 (R2 to users) | $900 (S3 via CloudFront) | $0 (S3 → CF free, CF delivery bundled) | $1,000 (GCS to users) |
| AWS egress to Cloudflare | ~$200 (origin to CF) | N/A | N/A | N/A |
| Support | $0 (CF) + $100 (AWS Business) | $200 (AWS Business) | $200 (AWS Business) | $0 |
| Total | ~$1,340/month | ~$6,625/month | ~$1,150/month | ~$3,340/month |
This scenario shows the most dramatic impact of AWS's flat-rate pricing. With pay-as-you-go, the Cloudflare hybrid architecture dominates at 80% less than pure AWS. But with CloudFront's flat-rate Business plan, pure AWS ($1,150) is now cheaper than the Cloudflare hybrid ($1,340) — primarily because AWS-to-CloudFront origin transfer is free, while the hybrid architecture still incurs ~$200 in AWS egress to Cloudflare.
The flat-rate AWS column uses the CloudFront Business plan ($200/month), which bundles CDN (50TB), WAF (50 rules), DDoS protection, DNS, and CDN log ingestion. The bundled DDoS/WAF is less comprehensive than Shield Advanced ($3,000/month) — it does not include the DDoS Response Team, cost protection for scaling during attacks, or advanced L7 protections. For enterprise e-commerce platforms that require Shield Advanced, add $3,000/month to the flat-rate column.
Cloudflare pricing uses monthly rates ($250/month Business plan); annual commitment reduces this to $200/month, bringing the hybrid total to ~$1,290/month. Either way, the cost difference between the Cloudflare hybrid and AWS flat-rate is now narrow enough that the decision should be driven by architecture and feature requirements rather than cost alone.
Free Tier Comparison
| Service Category | Cloudflare | AWS Free Tier | Azure Free | Google Cloud Free |
|---|---|---|---|---|
| Duration | Permanent | 12 months (most) + always-free | 12 months + always-free | 90 days ($300) + always-free |
| CDN bandwidth | Unlimited | 1 TB/month (12 months) | None | None |
| DNS | Unlimited zones, unlimited queries | N/A | N/A | N/A |
| DDoS protection | Full L3/L4/L7 | Shield Standard (L3/L4) | Basic infrastructure | Basic infrastructure |
| WAF | Basic rules | N/A | N/A | N/A |
| SSL/TLS | Universal SSL (all domains) | ACM (free certificates) | N/A | N/A |
| Serverless compute | 100K requests/day | 1M Lambda requests/month | N/A | 2M Cloud Functions/month |
| Object storage | 10GB (R2) | 5GB S3 (12 months) | 5GB Blob (12 months) | 5GB GCS |
| Database | 5M D1 reads/day | 25GB DynamoDB | 750 hours SQL (12 months) | 1GB Firestore |
| Compute (VMs) | N/A | 750 hours t2.micro (12 months) | 750 hours B1s (12 months) | e2-micro (always-free) |
| Email Routing (unlimited) | 62K SES emails/month (EC2) | N/A | N/A |
Cloudflare's free tier is the only one that provides production-quality CDN, DNS, DDoS, and WAF permanently at no cost with truly unlimited bandwidth. AWS's CloudFront free flat-rate plan (100GB transfer, 1M requests, 5 WAF rules, DNS included) is a notable new entrant — while more limited in bandwidth, it bundles more services than AWS's traditional free tier. AWS and Azure's most generous trial-based free tier items expire after 12 months. Google's $300 credit expires after 90 days. Google's always-free e2-micro and Cloudflare's permanent free tier are the only offerings that remain fully useful indefinitely.
The Pricing Psychology
Why Cloudflare Gives Away So Much
Cloudflare's free tier is not charity — it is a customer acquisition funnel. Every domain on Cloudflare's free plan:
- Adds traffic to Cloudflare's network, improving their DDoS detection and bot management ML models
- Is a potential upgrade to Pro ($25/month), Business ($250/month), or Enterprise
- May adopt Workers, R2, D1, or Zero Trust as their needs grow
- Generates brand affinity and word-of-mouth
The marginal cost of adding a free-tier domain to an anycast network that already handles millions of domains is minimal. The lifetime value of converting a percentage to paid plans justifies the investment.
Why Hyperscalers Charge for Egress
Egress fees serve two strategic purposes for hyperscalers:
- Revenue: At AWS's scale, data transfer is a multi-billion dollar revenue line
- Lock-in: Egress fees make it expensive to move data out, send data to other providers, or adopt multi-cloud architectures. This concentrates workloads on a single provider.
Cloudflare has publicly argued that egress fees are artificially high relative to actual bandwidth costs ($0.09/GB vs $0.001-0.005/GB at wholesale). Whether this framing is fair or not, the economic effect is real: egress fees shape architectural decisions in ways that benefit the provider charging them.
AWS has partially responded to this pressure with CloudFront flat-rate plans that bundle up to 50TB of CDN transfer for $15-$1,000/month — effectively eliminating per-GB egress for edge delivery. Notably, this applies to CDN egress only; direct S3 and EC2 egress to the internet (not via CloudFront) remains metered at standard rates.
The True Cost of "Free" Tiers
Hyperscaler free tiers serve as onboarding ramps. The 12-month AWS Free Tier gets you building on AWS — learning the APIs, integrating services, accumulating data. When the free tier expires, migration cost (egress fees, engineering time, re-architecture) often exceeds the cost of simply paying the bill. This is rational business strategy, and users should be aware of it.
Cloudflare's permanent free tier avoids this dynamic — you can use it indefinitely without feeling pressure to upgrade. The upgrade decision is feature-driven (you want WAF rules, or you want Workers), not deadline-driven.
Decision Framework
Cloudflare Pricing Wins When:
- Bandwidth is a significant cost — $0 CDN and R2 egress eliminates the largest variable cost
- Security is expensive elsewhere — DDoS, WAF, and bot management bundled into plan pricing
- Predictability matters — flat monthly cost regardless of traffic spikes or DDoS attacks
- You are starting out — the permanent free tier provides real production value
- Your workload fits edge constraints — Workers, D1, KV, R2 are priced very competitively for edge workloads
Hyperscaler Pricing Wins When:
- Compute-heavy workloads — reserved instances and spot pricing provide 60-90% savings on large compute
- You can commit — 1-3 year commitments unlock massive discounts that Cloudflare cannot match on compute-equivalent services
- Internal traffic dominates — when data stays within the cloud (compute-to-database, service-to-service), egress is not a factor
- You are already on AWS — CloudFront flat-rate plans bundle CDN, WAF, DDoS, DNS, and monitoring with zero origin egress from AWS services. For AWS-native workloads, this eliminates the cost advantage of adding Cloudflare at the perimeter (which still incurs AWS egress to Cloudflare)
- Existing enterprise agreements — negotiated rates often beat published pricing significantly
- Azure Hybrid Benefit — existing Windows/SQL Server licenses reduce Azure compute costs dramatically
The Pragmatic Approach to Cloud Cost
- Evaluate your starting point: If you are already on AWS, CloudFront flat-rate plans may be more cost-effective than adding Cloudflare — the zero origin egress from AWS services to CloudFront is a significant advantage. If you are multi-cloud, greenfield, or not on AWS, Cloudflare's flat-rate model with truly unlimited bandwidth remains the strongest value.
- Use a hyperscaler for backend compute: Reserved instances or spot pricing for stable workloads. On-demand for variable workloads.
- Serve public content from R2 or via CloudFront: Zero egress (R2) or bundled egress (CloudFront flat-rate) eliminates the largest variable cost for content-heavy applications.
- Monitor ruthlessly: Cloud costs drift. Set budgets, review bills monthly, right-size aggressively.
- Model before you commit: Reserved instance savings are real but irreversible. Model at multiple traffic scenarios before signing a 3-year commitment.
The Honest Bottom Line
Cloudflare's pricing model is designed for web-facing workloads, and for those workloads, it remains aggressively competitive — particularly for the full stack. When you compare Workers + D1 + R2 against Fargate + RDS + S3, the cost difference is dramatic regardless of CDN pricing.
However, the edge pricing landscape has shifted. AWS's CloudFront flat-rate plans (launched November 2025) represent a fundamental change: bundling CDN, WAF, DDoS, DNS, and monitoring into predictable monthly pricing with no overage charges. For organizations already on AWS, the combination of flat-rate edge pricing and free origin-to-CloudFront transfer makes the "Cloudflare at the perimeter" recommendation less universally compelling than it was. In our e-commerce scenario, pure AWS with CloudFront flat-rate ($1,150/month) actually undercuts the Cloudflare hybrid ($1,340/month).
Hyperscaler pricing is designed for the full spectrum of cloud computing — from tiny functions to massive GPU clusters. The metered model is more complex and less predictable, but it provides granular cost optimization for teams willing to invest in understanding it. Reserved pricing and spot instances unlock savings that Cloudflare's platform does not offer for equivalent compute workloads.
The best cost outcome depends on where you are starting. If you are building greenfield or your workload fits Cloudflare's edge platform (Workers, D1, R2), the full-stack cost advantage remains overwhelming — 80%+ cheaper than hyperscaler equivalents. If you are already invested in AWS, CloudFront flat-rate plans eliminate the edge cost gap, and the zero-egress origin integration may make a pure AWS stack more economical than a hybrid approach. If you are multi-cloud or on Azure/GCP, Cloudflare at the perimeter still provides the most cost-effective edge layer.