CloudWatch VPC Endpoints

If you were paying attention in the last part, you noticed that we set up CloudWatch logging for the database and for the EC2 instance. But if you ever went to check the logs, you would have noticed that none were arriving in CloudWatch.

That's because the app and database are on private subnets and can't reach anything outside the VPC unless we explicitly enable it. If we want them to be able to send logs, we need to set up an interface endpoint or gateway of some sort.

This part is completely optional; it's not something that will be assessed by the cloud-course app. It's here for those who are curious how to set up an interface endpoint for CloudWatch.

Interface Endpoints vs NAT

If we set up a NAT gateway or NAT instance, we can allow our infrastructure to reach things over the internet, including S3 and CloudWatch. But for AWS services we also have the option of connecting privately using a VPC Interface Endpoint, so the traffic never leaves the AWS network and the instances need no route to the internet at all.
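The following Terraform is an added example, not the course's own deployment code, showing what the private-endpoint option looks like in practice: one interface endpoint each for the logs, monitoring and events APIs, placed in the private subnets, with a security group that only admits HTTPS from the app instances and an endpoint policy that only allows principals from your own account. `var.vpc_id`, `var.private_subnet_ids` and `var.app_security_group_id` are assumed to already exist in your configuration.

```hcl
# Added example (not from the course): CloudWatch interface endpoints for a VPC
# whose workloads sit on private subnets. Assumes var.vpc_id,
# var.private_subnet_ids and var.app_security_group_id are defined elsewhere.

data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

# Least privilege on the endpoint ENIs: only the app security group, only HTTPS.
resource "aws_security_group" "cloudwatch_endpoints" {
  name        = "cloudwatch-endpoints"
  description = "HTTPS from app instances to CloudWatch interface endpoints"
  vpc_id      = var.vpc_id

  ingress {
    description     = "HTTPS from the app security group"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.app_security_group_id]
  }
  # No egress block: the endpoint ENIs only answer requests.
}

locals {
  # One endpoint per CloudWatch API family; each is billed separately.
  cloudwatch_services = {
    logs       = "com.amazonaws.${data.aws_region.current.name}.logs"
    monitoring = "com.amazonaws.${data.aws_region.current.name}.monitoring"
    events     = "com.amazonaws.${data.aws_region.current.name}.events"
  }
}

resource "aws_vpc_endpoint" "cloudwatch" {
  for_each = local.cloudwatch_services

  vpc_id             = var.vpc_id
  service_name       = each.value
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [aws_security_group.cloudwatch_endpoints.id]

  # Private DNS makes e.g. logs.<region>.amazonaws.com resolve to the endpoint
  # ENI inside the VPC, so the CloudWatch agent and SDKs need no reconfiguration.
  private_dns_enabled = true

  # Endpoint policy: the endpoint may only be used by principals of this account,
  # which stops a compromised instance from shipping data to someone else's account.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = "*"
      Resource  = "*"
      Condition = {
        StringEquals = {
          "aws:PrincipalAccount" = data.aws_caller_identity.current.account_id
        }
      }
    }]
  })

  tags = { Name = "cloudwatch-${each.key}" }
}
```

After `terraform apply`, the instances keep talking to the normal CloudWatch hostnames; the only visible change is that the DNS answers now point at private VPC addresses. If logs still do not appear, check that the instance role has the `logs:` permissions and that the instance's security group allows outbound 443, since the endpoint's security group only controls inbound traffic on the endpoint side.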

Costs

Compared to a NAT Gateway, which costs:

  • $0.045 per hour (~$32.85 per month)
  • $0.045 per GB data processed

It's cheaper to go with interface endpoints. However, logs, monitoring, and events each require a separate endpoint, so you'd end up with three endpoints at 3 * $7.30 per month.

This is still cheaper than a NAT Gateway (~$32.85/month), unless:
