I need to implement CloudWatch monitoring on instances on a private subnet. I have configured a VPC monitoring endpoint with a Full Access policy for testing.

The instance on the public subnet is able to push metrics via the VPC endpoint. But the instances on the private endpoint are not connecting to the VPC endpoint; they are trying to connect to the CloudWatch metrics public service endpoints and are failing.

The only difference between the subnets is the Internet Gateway routing rule.

Can someone help with why this is failing?

  • Check your [Interface VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html) config. – jarmod Mar 10 '22 at 22:37
  • How do you know that instances on the public subnet are using the endpoint? And what is the error that instances on the private subnet are seeing? – Parsifal Mar 10 '22 at 23:42
  • If your private instances are trying to connect to the public endpoint that means that they're not using the VPC-local DNS resolver. But that should affect instances in the public subnet as well. – Parsifal Mar 10 '22 at 23:43
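
Parsifal's comment points at the first thing to verify: whether the CloudWatch hostname resolves, from the failing instance, to the endpoint's private IPs or to the public service. The script below is an added diagnostic, not code from the question or its commenters. It assumes region us-east-1, the CloudWatch metrics hostname monitoring.<region>.amazonaws.com, and a VPC that uses RFC 1918 addressing; none of those are stated in the question. Run it on an instance in each subnet and compare the output.

```shell
#!/bin/sh
# Added diagnostic for the symptom above; not part of the original question.
# Assumptions (not stated on the page): region us-east-1, the endpoint is for
# the CloudWatch metrics service (monitoring.<region>.amazonaws.com), and the
# VPC CIDR is RFC 1918 (100.64.0.0/10 VPCs are not covered by is_rfc1918).

# Exit 0 when an IPv4 address is in an RFC 1918 range. Interface endpoint
# ENIs take addresses from the VPC CIDR, so a private answer means the
# endpoint's private DNS is steering traffic to the endpoint.
is_rfc1918() {
  case "$1" in
    10.*)                                  return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    192.168.*)                             return 0 ;;
    *)                                     return 1 ;;
  esac
}

# Classify resolved addresses: "private" when all are RFC 1918 (endpoint in
# use), "public" when none are (the instance is heading for the public
# service endpoint, the failing case in the question), "mixed", or "none".
classify_addrs() {
  priv=0; pub=0
  for a in "$@"; do
    if is_rfc1918 "$a"; then priv=$((priv + 1)); else pub=$((pub + 1)); fi
  done
  if   [ "$priv" -gt 0 ] && [ "$pub" -eq 0 ]; then echo private
  elif [ "$pub"  -gt 0 ] && [ "$priv" -eq 0 ]; then echo public
  elif [ "$priv" -eq 0 ] && [ "$pub" -eq 0 ]; then echo none
  else echo mixed
  fi
}

# Exit 0 when the resolver file names the Amazon-provided VPC resolver
# (169.254.169.253, or the VPC CIDR base + 2, e.g. 10.0.0.2). Private DNS
# names for interface endpoints only resolve through that resolver.
uses_vpc_resolver() {
  ns=$(awk '/^nameserver/ {print $2}' "${1:-/etc/resolv.conf}")
  for n in $ns; do
    case "$n" in
      169.254.169.253) return 0 ;;
      *.2) is_rfc1918 "$n" && return 0 ;;
    esac
  done
  return 1
}

# Run on the instance: resolve the CloudWatch hostname, classify the answer,
# and attempt a TLS connection on 443 (this also exercises the security group
# attached to the endpoint ENI). Exit 0 only when the endpoint is in use.
check_endpoint() {
  host="${1:-monitoring.${AWS_REGION:-us-east-1}.amazonaws.com}"
  addrs=$(getent ahostsv4 "$host" | awk '{print $1}' | sort -u)
  verdict=$(classify_addrs $addrs)   # word splitting of $addrs is intended
  echo "$host resolves to: ${addrs:-<nothing>} ($verdict)"
  if uses_vpc_resolver; then
    echo "resolver: VPC-provided"
  else
    echo "resolver: not the VPC resolver, so endpoint private DNS cannot apply"
  fi
  if command -v curl >/dev/null 2>&1; then
    # Any HTTP status means TCP and TLS reached something; a timeout means
    # no route or a security group / NACL block.
    curl -sS --max-time 5 -o /dev/null \
      -w "https://$host -> HTTP %{http_code}\n" "https://$host/" \
      || echo "connect to $host failed"
  fi
  [ "$verdict" = private ]
}
```

On the public-subnet instance the verdict should read "private"; on the failing private-subnet instances the commenters' theory predicts "public". Things to check if that is what you see: private DNS must be enabled on the interface endpoint, the VPC must have enableDnsSupport and enableDnsHostnames on, and the instances must use the VPC resolver. Interface endpoints need no route-table entry, unlike gateway endpoints, so the Internet Gateway route is not itself the cause. If resolution is private but the curl step times out, look at the endpoint ENI's security group (inbound 443 from the instance subnets) and the subnet NACLs. Once metrics flow, replace the Full Access endpoint policy with one scoped to the cloudwatch:PutMetricData actions and principals you actually use.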

0 Answers