Log in to the CloudWatch Console, and then choose CloudWatch Logs from the list of services.
Choose the log group that's associated with your Site-to-Site VPN. This log group contains all of the logs relating to your Site-to-Site VPN connection. This includes logs that contain information about when your Site-to-Site VPN tunnel goes down.
Choose the log stream for the time period during which the Site-to-Site VPN tunnel went down.
Review the logs for errors and warnings that will help you diagnose the issue. This might include connection issues, authentication failures, or configuration problems. For more information, see Contents of Site-to-Site VPN logs.
Monitor the tunnel using CloudWatch
You can also use the CloudWatch TunnelState metric to check the status of a Site-to-Site VPN tunnel. After reviewing the TunnelState, you can set notifications for when a tunnel changes status. You can evaluate the stability of your tunnel by accessing this metric data over time. For more information, see Monitoring VPN tunnels using Amazon CloudWatch.
Check Your Site-to-Site VPN configuration, network settings, and firewall rules
If you're still unable to diagnose the issue, then check your Site-to-Site VPN configuration, network settings, and firewall rules to make sure that they're configured correctly. Confirm that there are no issues that could be causing the tunnel to go down. This may require working with your IT team, network administrator, or internet service provider to troubleshoot the issue.