The true cost of PaaS hosting (and how to avoid bill shock)
Headline $7/mo is never the full story. Here is how dynos, databases, egress, and autoscaling compound, and what to look for in a platform.
Marcus Rivera
Head of Product
Every PaaS advertises a low entry price. Almost none of them quote the price of a real production stack: web service, worker, Postgres, Redis, preview environments, outbound bandwidth, and one bad autoscaling Tuesday. If you are evaluating hosting in 2026, you need a worksheet, not a landing page hero number.
The line items that add up
| Cost layer | What vendors hide | Example impact |
|---|---|---|
| Compute | Per-dyno minimums | Heroku Basic $25 vs StackBlaze $7 |
| Databases | Separate SKUs per engine | Postgres + Redis often > web tier |
| Add-ons | Logging, metrics, WAF | $20–100+/mo each on some platforms |
| Egress | Outbound bandwidth | $0.10–0.15/GB after included tier |
| Autoscale | Per-second CPU during spikes | 2–5× baseline in one day |
| Previews | Per-environment compute | 5 PRs × hourly rate adds up |
Worked example: small production API
Assume one Rails or Node API, one worker, Postgres, Redis, and two active PR preview environments for a week each month.
| Platform | Steady month (est.) | Spike month (est.) |
|---|---|---|
| Heroku (comparable tiers) | $90–120+ | $150+ with scale |
| Railway (usage-based) | $45–70 | $100–150+ |
| Render | $50–80 | $80–120 |
| StackBlaze | $35–55 | $35–60 with spend cap |
Numbers are illustrative, your framework, region, and autoscale settings move them. The pattern is consistent: usage-based platforms spike; per-service flat pricing with caps is easier to defend in a budget meeting.
Autoscaling is where bills go wrong
Autoscaling without a spend cap is a bet that your traffic model is correct forever. Most teams set max_instances high "just in case" and forget until an attack, a viral post, or a retry storm scales them to the ceiling.
StackBlaze added hourly spend caps and scaling previews precisely because this is the #1 post-migration surprise teams report from usage-based platforms. You should be able to answer: "What is the most we can spend in an hour if everything scales max?" before you need to answer it in Slack at midnight.
services:
api:
scaling:
max_instances: 20
spend_cap:
hourly_usd: 8.00
over_limit_behavior: queueQuestions to ask any vendor
- What is included in the headline price vs billed separately?
- How do preview environments meter, per hour, per PR, per service?
- Is Postgres PITR included or an add-on?
- What happens to inter-service traffic, private network or billable egress?
- Can I cap autoscale spend without turning scaling off entirely?
Build your own calculator
Before you sign: list every process type (web, worker, cron), every datastore, expected egress GB/month, and peak concurrent instances. Multiply steady state and 3× peak. If the vendor cannot give you a clear answer for peak, assume worst case.
Free tiers are not free if they sleep
A "free" web service that spins down after 15 minutes of idle time can cost you more in broken webhooks and angry users than a $7 always-on plan. Factor reliability into TCO, not just subscription line items.
The true cost of PaaS is predictable only when the platform exposes every layer, compute, data, network, previews, and scale, with caps you control. That is the bar we design StackBlaze pricing against.
Marcus Rivera
Head of Product at StackBlaze
Member of the founding team at StackBlaze. Writes about infrastructure, engineering culture, and the systems that keep production running.
More from the blog
How Calico network policies isolate tenants on shared hosting
Shared Kubernetes does not have to mean shared trust boundaries. Calico enforces network isolation, Linkerd provides automatic mTLS between services, and Falco detects runtime threats, three layers that keep tenants separated on shared infrastructure.
Shared platform vs dedicated clusters: control plane isolation and policy-as-code
Policy-as-code on a shared platform gives you guardrails without operational overhead. Dedicated clusters add an isolated control plane, single-tenant nodes, and customer-owned policy boundaries, here is how to choose and what changes under the hood.
Regulatory compliance and data governance on StackBlaze
SOC 2, GDPR, HIPAA-readiness, data residency, encryption, audit logs, and DPAs, a detailed map of how StackBlaze controls align with common regulatory frameworks and what you own vs what the platform certifies.