You could create a private VPC endpoint for the CloudWatch Metrics service (the endpoint to choose is com.amazonaws.<region>.monitoring) and that way your instance can access the service without having to go through a NAT Gateway or Internet Gateway.
I'd note that using a VPC endpoint service does come with extra charges: https://aws.amazon.com/privatelink/pricing/
If your instance already has a public or Elastic IP address, or accesses public services via a NAT Gateway, then you might as well continue to use that method - traffic between EC2 instances and AWS services always stays on the AWS network even if you are using public IP addresses (this is called out in the VPC FAQ). But if you are only using a NAT Gateway or public/Elastic IP to access CloudWatch Metrics then an endpoint is a better way to go.
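An added example, not part of the answer above: one way to create that interface endpoint with boto3, with an endpoint policy that only permits publishing metrics and a security group rule limited to HTTPS from inside the VPC. The function names, the resource IDs passed in, and the use of boto3 are assumptions for illustration.

```python
import json

def metrics_endpoint_request(region, vpc_id, subnet_ids, security_group_id):
    """Build EC2 CreateVpcEndpoint arguments for the CloudWatch metrics service."""
    # Endpoint policy: callers may only publish metrics through this endpoint.
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PutOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "cloudwatch:PutMetricData",
            "Resource": "*",
        }],
    }
    return {
        "VpcEndpointType": "Interface",
        "VpcId": vpc_id,
        "ServiceName": f"com.amazonaws.{region}.monitoring",
        "SubnetIds": list(subnet_ids),
        "SecurityGroupIds": [security_group_id],
        # Private DNS makes monitoring.<region>.amazonaws.com resolve to the
        # endpoint's private IPs, so the agent needs no configuration change.
        "PrivateDnsEnabled": True,
        "PolicyDocument": json.dumps(policy),
    }

def endpoint_ingress_rule(security_group_id, vpc_cidr):
    """Allow HTTPS to the endpoint's network interfaces from inside the VPC only."""
    return {
        "GroupId": security_group_id,
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "IpRanges": [{"CidrIp": vpc_cidr, "Description": "metrics clients"}],
        }],
    }

def create_metrics_endpoint(region, vpc_id, subnet_ids, security_group_id, vpc_cidr):
    """Apply both requests with boto3 and return the new endpoint ID."""
    import boto3  # imported here so the builders above work without the SDK
    ec2 = boto3.client("ec2", region_name=region)
    ec2.authorize_security_group_ingress(
        **endpoint_ingress_rule(security_group_id, vpc_cidr))
    resp = ec2.create_vpc_endpoint(
        **metrics_endpoint_request(region, vpc_id, subnet_ids, security_group_id))
    return resp["VpcEndpoint"]["VpcEndpointId"]
```

Private DNS on the endpoint requires DNS support and DNS hostnames to be enabled on the VPC.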
Thanks a lot. By the way, how to collect the CPU credit metrics from Lightsail instances? I tried the CloudWatch agent on Lightsail and found it has no CPU credit related metrics. I guess such metrics might be collected from the AWS hypervisor directly or something equivalent.
I found https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_GetInstanceMetricData.html. Cheers :-D