Monitor NAT gateways with Amazon CloudWatch
You can monitor your NAT gateway using CloudWatch, which collects information from your NAT gateway and creates readable, near real-time metrics. You can use this information to monitor and troubleshoot your NAT gateway. NAT gateway metric data is provided at 1-minute intervals, and statistics are recorded for a period of 15 months.
For more information about Amazon CloudWatch, see the Amazon CloudWatch User Guide. For more information about
pricing, see Amazon CloudWatch Pricing
NAT gateway metrics and dimensions
The following metrics are available for your NAT gateways. The description column includes a description of each metrics as well as the units and statistics.
Metric | Description |
---|---|
ActiveConnectionCount |
The total number of concurrent active TCP connections through the NAT gateway. A value of zero indicates that there are no active connections through the NAT gateway. Units: Count Statistics: The most useful statistic is |
BytesInFromDestination |
The number of bytes received by the NAT gateway from the destination. If the value for Units: Bytes Statistics: The most useful statistic is |
BytesInFromSource |
The number of bytes received by the NAT gateway from clients in your VPC. If the value for Units: Bytes Statistics: The most useful statistic is |
BytesOutToDestination |
The number of bytes sent out through the NAT gateway to the destination. A value greater than zero indicates that there is traffic
going to the internet from clients that are behind the NAT gateway.
If the value for Unit: Bytes Statistics: The most useful statistic is |
BytesOutToSource |
The number of bytes sent through the NAT gateway to the clients in your VPC. A value greater than zero indicates that there is traffic
coming from the internet to clients that are behind the NAT gateway.
If the value for Units: Bytes Statistics: The most useful statistic is |
ConnectionAttemptCount |
The number of connection attempts made through the NAT gateway. If the value for Unit: Count Statistics: The most useful statistic is |
ConnectionEstablishedCount |
The number of connections established through the NAT gateway. If the value for Unit: Count Statistics: The most useful statistic is |
ErrorPortAllocation |
The number of times the NAT gateway could not allocate a source port. A value greater than zero indicates that too many concurrent connections are open through the NAT gateway. Units: Count Statistics: The most useful statistic is |
IdleTimeoutCount |
The number of connections that transitioned from the active state to the idle state. An active connection transitions to idle if it was not closed gracefully and there was no activity for the last 350 seconds. A value greater than zero indicates that there are connections
that have been moved to an idle state. If the value for
Unit: Count Statistics: The most useful statistic is |
PacketsDropCount |
The number of packets dropped by the NAT gateway. A value greater than 0.01 percent might indicate an ongoing transient
issue with the NAT gateway. If this value exceeds 0.01 percent of
the total traffic on the NAT gateway, check the Amazon service health
dashboard Units: Count Statistics: The most useful statistic is |
PacketsInFromDestination |
The number of packets received by the NAT gateway from the destination. If the value for Unit: Count Statistics: The most useful statistic is |
PacketsInFromSource |
The number of packets received by the NAT gateway from clients in your VPC. If the value for Unit: Count Statistics: The most useful statistic is |
PacketsOutToDestination |
The number of packets sent out through the NAT gateway to the destination. A value greater than zero indicates that there is traffic
going to the internet from clients that are behind the NAT gateway.
If the value for Unit: Count Statistics: The most useful statistic is |
PacketsOutToSource |
The number of packets sent through the NAT gateway to the clients in your VPC. A value greater than zero indicates that there is traffic
coming from the internet to clients that are behind the NAT gateway.
If the value for Unit: Count Statistics: The most useful statistic is |
PeakBytesPerSecond |
This metric reports the highest 10-second bytes per second average in a given minute. Units: Count Statistics: The most useful statistic is |
PeakPacketsPerSecond |
This metric calculates the average packet rate (packets processed per second) every 10 seconds for 60 seconds and then reports the maximum of the six rates (the highest average packet rate). Units: Count Statistics: The most useful statistic is |
To filter the metric data, use the following dimension.
Dimension | Description |
---|---|
NatGatewayId |
Filter the metric data by the NAT gateway ID. |
View NAT gateway CloudWatch metrics
NAT gateway metrics are sent to CloudWatch at 1-minute intervals. Metrics are grouped first by the service namespace, and then by the possible combinations of dimensions within each namespace. You can view the metrics for your NAT gateways as follows.
To view metrics using the CloudWatch console
Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/
. -
In the navigation pane, choose Metrics, All metrics.
-
Choose the NATGateway metric namespace.
-
Choose a metric dimension.
To view metrics using the Amazon CLI
At a command prompt, use the following command to list the metrics that are available for the NAT gateway service.
aws cloudwatch list-metrics --namespace "AWS/NATGateway"
Create CloudWatch alarms to monitor a NAT gateway
You can create a CloudWatch alarm that sends an Amazon SNS message when the alarm changes state. An alarm watches a single metric over a time period that you specify. It sends a notification to an Amazon SNS topic based on the value of the metric relative to a given threshold over a number of time periods.
For example, you can create an alarm that monitors the amount of traffic coming in or leaving the NAT gateway. The following alarm monitors the amount of outbound traffic from clients in your VPC through the NAT gateway to the internet. It sends a notification when the number of bytes reaches a threshold of 5,000,000 during a 15-minute period.
To create an alarm for outbound traffic through the NAT gateway
Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/
. -
In the navigation pane, choose Alarms, All alarms.
-
Choose Create alarm.
-
Choose Select metric.
-
Choose the NATGateway metric namespace and then choose a metric dimension. When you get to the metrics, select the check box next to the BytesOutToDestination metric for the NAT gateway, and then choose Select metric.
-
Configure the alarm as follows, and then choose Next:
-
For Statistic, choose Sum.
-
For Period, choose 15 minutes.
-
For Whenever, choose Greater/Equal and enter
5000000
for the threshold.
-
-
For Notification, select an existing SNS topic or choose Create new topic to create a new one. Choose Next.
-
Enter a name and description for the alarm and choose Next.
-
When you done configuring the alarm, choose Create alarm.
As another example, you can create an alarm that monitors port allocation errors and sends a notification when the value is greater than zero (0) for three consecutive 5-minute periods.
To create an alarm to monitor port allocation errors
Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/
. -
In the navigation pane, choose Alarms, All alarms.
-
Choose Create alarm.
-
Choose Select metric.
-
Choose the NATGateway metric namespace and then choose a metric dimension. When you get to the metrics, select the check box next to the ErrorPortAllocation metric for the NAT gateway, and then choose Select metric.
-
Configure the alarm as follows, and then choose Next:
-
For Statistic, choose Maximum.
-
For Period, choose 5 minutes.
-
For Whenever, choose Greater and enter 0 for the threshold.
-
For Additional configuration, Datapoints to alarm, enter 3.
-
-
For Notification, select an existing SNS topic or choose Create new topic to create a new one. Choose Next.
-
Enter a name and description for the alarm and choose Next.
-
When you are done configuring the alarm, choose Create alarm.
For more information, see Using Amazon CloudWatch alarms in the Amazon CloudWatch User Guide.