I believe Amazon uses commodity NICs + iptables in Dom0 (based on rumors). I have no idea what a custom ASIC would cost, but I think the Jupiter networking gear / Titan NIC that Google built are pretty advanced components that would cost more than commodity stuff.

In any case, the hardware components are fixed costs. What's not fixed is the cost of applying routing and segmentation rules for each packet. There are scarce resources involved here: the hardware has limited memory and limited cycles. You're paying for the use of those scarce resources (e.g., having a memory resident stateful firewall rule for a TCP session). Charging for bandwidth isn't perfect, but it probably correlates pretty closely with the underlying resources and is a much more intuitive unit-of-value for customers.