Amazon CloudWatch Observability Access Manager Now Supports VPC Endpoints
We announce VPC endpoints for Amazon CloudWatch Observability Access Manager (OAM). CloudWatch OAM enables you to programmatically manage cross-account observability settings within a region. The new VPC endpoints enhance your security posture by keeping traffic between your VPC and CloudWatch OAM within the Amazon Web Services China network, eliminating the need to traverse the public internet.
You can use Observability Access Manager to create and manage links between source accounts and monitoring accounts, enabling you to monitor and troubleshoot applications that span multiple accounts within a Region. With the new VPC endpoints, you can establish secure, private, and reliable connections between your VPC and CloudWatch Observability Access Manager. This allows you to maintain private connectivity while managing cross-account observability links and sinks, even from VPCs without internet access. The feature supports both IPv4 and IPv6 addressing, and you can use Amazon PrivateLink's built-in security controls—like security groups and VPC endpoint policies—to help secure access to your observability resources.
CloudWatch Observability Access Manager VPC endpoints are now available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.
To start using VPC endpoints for CloudWatch Observability Access Manager, refer to CloudWatch OAM endpoints for a list of supported Regional endpoints. To learn more about Amazon PrivateLink, see accessing Amazon Web Services services through Amazon PrivateLink.