Does ECS service with "awslogs" driver use NAT for pushing logs to cloudwatch?

I have an ECS service with awslogs turned on. While its working fine, I wanted to understand if the logs are transmitted via NAT/ internet-gw or local network.
What is the best way to validate it as well ? I would want logs not to be flowing through internet to save some money on data transfer.

My VPC routing configurations looks as like below

and routes configured as below

FYI: the ecs task is running in private subnet.

As per why are my Amazon ECS container logs not delivered to Amazon CloudWatch Logs post on AWS Knowledge Center, you should create an interface Amazon VPC endpoint for CloudWatch Logs.

> If your Amazon Virtual Private Cloud (Amazon VPC) doesn't have an internet gateway, and your tasks use the awslogs log driver to send log information to CloudWatch Logs, then be sure that you created an interface Amazon VPC endpoint for CloudWatch Logs. For more information, see Using CloudWatch Logs with interface VPC endpoints.

Now, if you have both Internet Gateway/NAT Gateway/NAT Instance and VPC Endpoint, then VPC Endpoint takes the priority as per this link vantage.sh.

> It is possible to use a NAT Gateway and a VPC Endpoint in the same subnet. The VPC endpoint traffic will take priority since it is a more specific address range.

Docs says:
> If there is a route that sends all internet traffic (0.0.0.0/0) to an internet gateway, the endpoint route takes precedence.