AWS fargate logging to cloudwatch causes NAT traffic - how to avoid
We got a substantial increase in AWS cost this month which we can track down to ec2-other / EU-NatGateway-Bytes. Our best guess is that this is due to a fargate task that got into trouble and generated a lot of cloudwatch messages. What's unclear is why cloudwatch messages should go through the NAT gateway. That seems unnecessary. An alternative could be efs access but there the same applies: why using NAT.
Afaik this is really a rather 'vanilla' ecs task, pulling the docker image from ecr
Any tips where to look for a possible misconfiguration?
Tx!!
Peter
Resources in private VPC subnets have to go through the NAT Gateway to access anything outside the VPC. AWS CloudWatch Logs happens to exist outside the VPC.
If you want to avoid this, then you need to create a VPC Interface Gateway for CloudWatch Logs, to provide a private connection between your VPC and CloudWatch Logs.
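Added example, not part of the original answer: a CloudFormation sketch of the private connection described above, created as an interface VPC endpoint for CloudWatch Logs. It goes one step further and adds the ECR and S3 endpoints a Fargate task uses for image pulls, since the question mentions pulling from ECR. All parameter and resource names are assumptions.

```yaml
# Added example: keeps CloudWatch Logs and ECR traffic from private subnets off the NAT gateway.
# Parameter and logical resource names are assumptions, not taken from the post.
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PrivateSubnetIds: {Type: "List<AWS::EC2::Subnet::Id>"}
  PrivateRouteTableIds: {Type: CommaDelimitedList}
  TaskSecurityGroupId: {Type: "AWS::EC2::SecurityGroup::Id"}
Resources:
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from Fargate tasks to interface endpoints only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref TaskSecurityGroupId
  LogsEndpoint:                      # awslogs driver traffic
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.logs
      VpcId: !Ref VpcId
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
      PrivateDnsEnabled: true        # default logs hostname resolves to the endpoint
  EcrApiEndpoint:                    # ECR auth and image metadata
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ecr.api
      VpcId: !Ref VpcId
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
      PrivateDnsEnabled: true
  EcrDkrEndpoint:                    # Docker registry API
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.ecr.dkr
      VpcId: !Ref VpcId
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
      PrivateDnsEnabled: true
  S3GatewayEndpoint:                 # ECR stores image layers in S3
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Gateway
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcId: !Ref VpcId
      RouteTableIds: !Ref PrivateRouteTableIds
```

`PrivateDnsEnabled` only takes effect when the VPC has DNS support and DNS hostnames enabled; without it the tasks keep resolving the public service names and the traffic still leaves through the NAT gateway.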