how to check unused VPN tunnel #4591

Open
RazaHasan84 opened this issue Aug 13, 2019 · 4 comments

@RazaHasan84
Contributor

I am working on a policy to check if tunnels are really used.

https://docs.aws.amazon.com/vpn/latest/s2svpn/monitoring-cloudwatch-vpn.html

As per the above doc, there are CloudWatch metrics to check this, but there is no "-metrics" filter available with schema vpn-connection.

@kapilt
Collaborator

kapilt commented Aug 13, 2019

Thanks for the bug report. I don't have one of these handy, so a little more information/research would be useful. Does this need the TunnelIpAddress to be useful (metrics dimension needed for query)? My reading of the docs says it's required; it's a bit unclear how we pull that IP address, unless it is the outside IP address on the VPN connection?

@RazaHasan84
Contributor Author

Thanks @kapilt for the quick turnaround. So I was trying to test something similar to the following for unused RDS instances. With the RDS schema there is a filter type metrics which queries "DatabaseConnections" for 14 days.
https://cloudcustodian.io/docs/aws/examples/rdsdeleteunused.html

With VPN I was trying to capture "TunnelDataIn" and "TunnelDataOut" for the last 14 days, and if it is below a certain lowpass value, that means app users are not using them.

@kapilt
Collaborator

kapilt commented Aug 16, 2019

So what would be helpful is to understand what you have to pass on the CLI to get metrics, i.e. does it work to just pass in VpnId?

from
https://docs.aws.amazon.com/vpn/latest/s2svpn/monitoring-cloudwatch-vpn.html

It shows two dimensions, VpnId and TunnelIpAddress. If we just need the VpnId then it's straightforward to add. If we also need TunnelIpAddress then we need to know how to extract that value, i.e. is the TunnelIpAddress an attribute of the VPN tunnel (per CLI describe output) or something else, and if so what?

@kapilt
Collaborator

kapilt commented Sep 12, 2019

It does look like we can just pass in VpnId for metrics.
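
The check discussed in this thread, as an added example that is not part of the original issue or Cloud Custodian's code: it queries `TunnelDataIn` and `TunnelDataOut` in the `AWS/VPN` namespace by `VpnId` alone over 14 days and compares the totals to a lowpass value. The function names, the `lowpass_bytes` parameter, the separate "no-data" result and the `ConstructedCloudWatch` stub (which stands in for a boto3 CloudWatch client and returns constructed data) are assumptions.

```python
from datetime import datetime, timedelta, timezone

METRICS = ("TunnelDataIn", "TunnelDataOut")  # metric names quoted in the thread


def build_query(vpn_id, metric, days=14, now=None):
    """get_metric_statistics kwargs using only the VpnId dimension."""
    end = now or datetime.now(timezone.utc)
    return {
        "Namespace": "AWS/VPN",
        "MetricName": metric,
        "Dimensions": [{"Name": "VpnId", "Value": vpn_id}],
        "StartTime": end - timedelta(days=days),
        "EndTime": end,
        "Period": 86400,  # one datapoint per day
        "Statistics": ["Sum"],
    }


def tunnel_usage(cloudwatch, vpn_id, days=14, now=None):
    """Sum bytes per metric over the window; also count datapoints seen."""
    usage = {}
    for metric in METRICS:
        resp = cloudwatch.get_metric_statistics(**build_query(vpn_id, metric, days, now))
        points = resp.get("Datapoints", [])
        usage[metric] = {"bytes": sum(p["Sum"] for p in points), "points": len(points)}
    return usage


def classify(usage, lowpass_bytes):
    """'no-data' if nothing was reported, 'unused' if both directions are
    below the lowpass value, otherwise 'in-use'."""
    if all(u["points"] == 0 for u in usage.values()):
        return "no-data"  # assumption: missing metrics are reported separately, not as idle
    if all(u["bytes"] < lowpass_bytes for u in usage.values()):
        return "unused"
    return "in-use"


class ConstructedCloudWatch:
    """Stand-in for a boto3 CloudWatch client, fed constructed daily byte sums."""

    def __init__(self, daily_sums):
        self.daily_sums = daily_sums  # {(vpn_id, metric): [bytes, ...]}

    def get_metric_statistics(self, **kw):
        vpn_id = kw["Dimensions"][0]["Value"]
        sums = self.daily_sums.get((vpn_id, kw["MetricName"]), [])
        return {"Datapoints": [{"Sum": s} for s in sums]}
```

Passing a real boto3 CloudWatch client instead of the stub runs the same query against an account; keeping "no-data" apart from "unused" avoids flagging a connection that simply published no metrics in the window.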
