CloudWatch VPC PrivateLink Cost


Hi people,

Is CloudWatch VPC PrivateLink free?

If not, is it more or less expensive than using CloudWatch over the internet?

Can anyone help me with this doubt? My company intends to use this configuration to save money.

1 Answer

Using Interface VPC Endpoints (PrivateLink) for AWS services like CloudWatch isn't about saving money, it's about improving security and reliability. They do have a cost. For HA you need each one to have network interfaces in two AZs, for a total cost of around 2 to 2.6 cents per hour for each service (varies by region). For this you get a connection that doesn't go over the internet, so it is more reliable, with less jitter, and more secure. In addition, if you have endpoints for all the services an EC2 instance needs, you may be able to deploy it in a fully-private subnet with not even outbound internet connectivity.

The only way it could save money is if it allows you to get rid of your NAT Gateways, i.e. if it means you no longer have a need for IPv4 outbound anymore and can make do with IPv6 outbound only.

answered 10 months ago
reviewed 10 months ago
  • Thanks for the response, I understand the benefits of this configuration. But the company needs to know if it is more or less expensive to use CloudWatch Logs endpoints than NAT Gateways or Internet Gateways in general. And the response is "depends"?

  • Well yes, it does depend on whether using Endpoints means you can retire NAT Gateways, and also on how many AWS services you need Endpoints for. Only you can make those judgements based on your unique situation. To be resilient to AZ failure you need a NAT GW in each AZ that you're using; you can compare their total cost to the cost of the Endpoints you'll need.
