- Newest
- Most votes
- Most comments
Using Interface VPC Endpoints (PrivateLink) for AWS services like Cloudwatch isn't about saving money, it's about improving security and reliability. They do have a cost. For HA you need each one to have network interfaces in two AZs, for a total cost of around 2 to 2.6 cents per hour for each service (varies by region). For this you get a connection that doesn't go over the internet so is more reliable and with less jitter, and more secure. In addition if you have endpoints for all the services an EC2 instance needs, you may be able to deploy it in a fully-private subnet with not even outbound internet connectivity.
The only way it could save money is if it allows you to get rid of your NAT Gateways, i.e. if it means you no longer have a need for IPv4 outbound anymore and can make do with IPv6 outbound only.
Relevant content
- asked 2 years ago
- Accepted Answerasked 5 days ago
- asked a month ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Thanks for response, i understand the benefits of this configuration. But, the company needs to know if is more or less expensive using Cloudwatch logs endpoints then NAT Gateways or Internet Gateways in general. And the response is "depends?"
Well yes, it does depend on whether using Endpoints means you can retire NAT Gateways, and also on how many AWS services you need Endpoints for. Only you can make those judgements based on your unique situation. To be resilient to AZ failure you need a NAT GW in each AZ that you're using; you can compare their total cost to the cost of the Endpoints you'll need.