VPC Flow Logs log the traffic flow in your AWS VPC. These logs contain information such as source and destination IP addresses and the packets or bytes transferred. CloudWatch Logs Insights let’s you query these logs, this can be helpful when you want to figure out what is driving the traffic cost within your network.
For example, the below query will tell you what the top contributors are to your NAT-GW cost:
| filter interfaceId = "eni-<nat-eni-id>"
| stats sum(bytes)/1024/1024 as totalMBytes by srcAddr,dstAddr
| sort totalMBytes desc