If you’re trying to figure out if a VPC endpoint is still in use, starting with CloudWatch metrics and VPC Flow Logs is a good place to start. However, relying on just one tool can sometimes be misleading. To get a clearer picture, it’s best to check several sources.
First, look at CloudTrail logs. If you don’t see any events with the endpoint’s VPC endpoint ID over a long period, chances are it’s no longer being used. It’s a quick way to confirm inactivity.
Next, examine the Elastic Network Interfaces (ENIs) linked to the endpoint by going to EC2 and then Network Interfaces. If there’s no traffic—no bytes or packets—for weeks, that suggests the endpoint isn’t active.
Cost Explorer can also be helpful. Sometimes, endpoints show up with hourly charges but hardly process any data. These are likely just sitting idle and can probably be removed.
Checking tags and ownership details can provide insights too. Often, old endpoints are left behind by previous projects, and there’s no current owner to manage or need them.
Lastly, compare your findings with your network architecture. For example, if an endpoint is set up for SSM or ECR but there’s no activity for those services in the VPC, it’s a sign the endpoint isn’t needed anymore.
Before deleting anything, I recommend tagging the endpoint, such as “candidate-for-deletion=true,” and then waiting a few days to ensure it’s really unnecessary. This process helps prevent accidental removal of active resources.
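The checks above, combined into one script, as an added example that is not part of the original answer. It sums bytes per ENI from constructed VPC Flow Log records (default format), looks for recent CloudTrail events in the shape LookupEvents returns, checks for an Owner tag, and emits the candidate-for-deletion tag only when both the control plane and the data plane look dead; the endpoint, ENI and account IDs are made up and the 30-day window is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed VPC Flow Log records in the default format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
FLOW_LOG_LINES = """\
2 123456789012 eni-0aaa 10.0.1.15 10.0.2.7 49152 443 6 12 9876 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa 10.0.2.7 10.0.1.15 443 49152 6 10 4321 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0ccc - - - - - - - 1700000000 1700000060 - SKIPDATA
"""

# Constructed CloudTrail events in the shape LookupEvents returns, already
# filtered by the caller on ResourceName = the endpoint ID (hypothetical data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
EVENTS_ACTIVE = [{"EventName": "DescribeVpcEndpoints", "EventTime": NOW - timedelta(days=2)}]
EVENTS_STALE = [{"EventName": "CreateVpcEndpoint", "EventTime": NOW - timedelta(days=200)}]


def bytes_per_eni(flow_log_text):
    """Sum the bytes field per interface-id; NODATA/SKIPDATA rows carry '-' and count as zero."""
    totals = {}
    for line in flow_log_text.splitlines():
        f = line.split()
        if len(f) < 14:  # malformed or custom-format row, skip it
            continue
        eni, nbytes = f[2], f[9]
        totals[eni] = totals.get(eni, 0) + (int(nbytes) if nbytes != "-" else 0)
    return totals


def assess_endpoint(endpoint_id, eni_ids, flow_log_text, events, tags, now, idle_days=30):
    """Combine the signals from the answer into one verdict plus the reasons behind it."""
    reasons = []
    cutoff = now - timedelta(days=idle_days)
    no_api_activity = not any(e["EventTime"] >= cutoff for e in events)
    if no_api_activity:
        reasons.append(f"no CloudTrail events for {endpoint_id} in {idle_days} days")
    traffic = bytes_per_eni(flow_log_text)
    no_traffic = all(traffic.get(eni, 0) == 0 for eni in eni_ids)
    if no_traffic:
        reasons.append("attached ENIs moved 0 bytes in the flow log window")
    if not tags.get("Owner"):  # advisory only: ownership gaps do not prove idleness
        reasons.append("no Owner tag: nobody to confirm it is still needed")
    idle = no_api_activity and no_traffic
    # Tag shape matches EC2 create_tags; the soak period before deletion is still manual.
    proposed = [{"Key": "candidate-for-deletion", "Value": "true"}] if idle else []
    return {"idle": idle, "reasons": reasons, "tags": proposed}
```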