Use CloudWatch with VPC Endpoints (PrivateLink)

I have read the AWS documentation on the connection between the resources of a VPC and CloudWatch but I have not really understood what the objective is.

Does this secure the data transport between the VPC and CloudWatch? Or is it because the internet is required for communication between one instance of a VPC and CloudWatch?

Is a VPC with an Internet connection required to send data to CloudWatch?

gtx911 asked Oct 17 '25 17:10



1 Answer

Normally, to communicate with CloudWatch (CW), for example when using the CloudWatch agent, your instance must be able to connect to the CW public endpoint. For CW, the endpoints are here.

These are regular HTTP/HTTPS public endpoints, which means that your instance generally requires an internet connection. Without it, it will not be able to reach the internet and the endpoints. However, this requires your instance to be in a public subnet or to use a NAT gateway.

Internet access is often not desired due to enhanced security requirements. This is where VPC endpoints come into play. They enable resources in a private VPC or subnet (i.e. without any internet access) to connect privately to CW, or to other services (e.g., S3, Lambda).

Is a VPC with an Internet connection required to send data to CloudWatch?

Yes, unless you use a VPC interface endpoint in your VPC.

Marcin answered Oct 20 '25 08:10

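One way to set this up, as an added example that is not part of Marcin's answer: a shell script that prints the AWS CLI commands for the two interface endpoints the CloudWatch agent needs (monitoring for metrics, logs for log data) and a check that, once private DNS is enabled on the endpoints, the CloudWatch hostnames resolve to addresses inside the VPC rather than to public AWS ranges. The region, VPC, subnet and security group ids are placeholders, and the security group is assumed to allow inbound TCP 443 from the instances.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Prints the commands instead of
# running them, so it is safe to execute without AWS credentials.
set -eu

REGION="${AWS_REGION:-eu-west-1}"                 # placeholder region
VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"               # placeholder VPC id
SUBNET_IDS="${SUBNET_IDS:-subnet-PLACEHOLDER-a}"  # private subnet(s) for the endpoint ENIs
SG_ID="${SG_ID:-sg-PLACEHOLDER}"                  # must allow inbound TCP 443 from instances

# The CloudWatch agent talks to two services: "monitoring" (PutMetricData)
# and "logs" (CloudWatch Logs). Each needs its own interface endpoint.
cw_service_names() {
  printf 'com.amazonaws.%s.monitoring\ncom.amazonaws.%s.logs\n' "$1" "$1"
}

# Build the create command for one service. --private-dns-enabled makes the
# regular hostname (e.g. logs.<region>.amazonaws.com) resolve to the endpoint,
# so the agent needs no configuration change to stay off the internet.
create_endpoint_cmd() {
  printf 'aws ec2 create-vpc-endpoint --region %s --vpc-id %s --vpc-endpoint-type Interface --service-name %s --subnet-ids %s --security-group-ids %s --private-dns-enabled\n' \
    "$REGION" "$VPC_ID" "$1" "$SUBNET_IDS" "$SG_ID"
}

# RFC 1918 test: endpoint ENIs get VPC addresses; public CW endpoints do not.
is_private_ipv4() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run from an instance in the VPC after the endpoints exist: returns 0 when the
# hostname resolves privately, 1 when it still points at the public endpoint,
# 2 when it cannot be resolved at all.
check_private_dns() {
  local ip
  ip=$(getent ahostsv4 "$1" | awk 'NR==1{print $1}') || return 2
  [ -n "$ip" ] || return 2
  is_private_ipv4 "$ip"
}

cw_service_names "$REGION" | while read -r svc; do create_endpoint_cmd "$svc"; done
```

After creating both endpoints, `check_private_dns "logs.$REGION.amazonaws.com"` from an instance in the VPC confirms that log traffic is staying on the private path.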


