I'm understanding your scenario as below, please correct me if I'm wrong.
- Ec2 instance in a private subnet, that does not have access to the Internet.
- You want to push Memory(Ram usage) metrics to CloudWatch
- You have created VPC Endpoint for CloudWatch Logs
Based on above information, it seems that you are not using the correct VPC Endpoint. To push metrics you need VPC Endpoint for CloudWatch service not CloudWatch Logs, on the contrary you will need VPC Interface Endpoint for CloudWatch Logs to push logs from Private EC2 instance with CW Agent. You can have details from  for endpoint_override configuration for Metrics section and  for VPC Endpoint for CloudWatch.
In addition to above, when pushing metrics from EC2 instance - EC2 instances needs to connect to EC2 service to obtain the EC2 tags initially. For this purpose you will also need to have VPC Interface endpoint for EC2 service as well. This can be seen from the error that you are observing:
2022-02-09T08:04:01Z W! processors.ec2tagger ec2tagger: Unable to describe ec2 tags for initial retrieval: RequestError: send request failed caused by: Post "https://ec2.ap-southeast-1.amazonaws.com/": dial tcp 22.214.171.124:443: connect: connection timed out
and make sure the EC2 instance's associated IAM Role/Instance Profile has the required permissions as described . Precisely for above error, the required permission is "ec2:DescribeTags".
Hope this helps. Looking forward to your feedback.
- Accepted Answerasked 4 months ago
- How do I install and configure the unified CloudWatch agent to push metrics and logs from my EC2 instance to CloudWatch?AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 12 days ago
- EXPERTpublished 5 months ago
- EXPERTpublished 4 months ago