Skip to content

AWS PrivateLink

AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by Coralogix. While Coralogix monitoring traffic is always secure, PrivateLink provides stable connectivity, a reduction in traffic costs, and even greater security by maintaining data on the AWS network.

This tutorial provides AWS Coralogix PrivateLink endpoints and instructions for standard configuration.

Use cases

The primary use case for PrivateLink with Coralogix is connectivity for monitored applications running in AWS VPCs. To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC.

Note

If your AWS resources are located in a different region than your Coralogix domain, there are two options for connecting to Coralogix from a different AWS region:
1. VPC Peering: Configure VPC Peering between cross-region and same-region VPCs as detailed in this document. See our guide on AWS PrivateLink: VPC Peering Configuration
2. Native Cross-Region PrivateLink: AWS now offers Cross-Region Connectivity for PrivateLink, which provides a significantly easier way to connect across regions without complex VPC peering configurations.

Note

If you are using PrivateLink, you need to update your Coralogix domain to use the private domain and service name. For example, if your domain is ap1.coralogix.com, for ng-api-http API you need to use ng-api-http.private.ap1.coralogix.com and com.amazonaws.vpce.ap-south-1.vpce-svc-0f3f7cde56c035dc2.

Coralogix exposes an AWS PrivateLink endpoint in all Coralogix AWS regions.

AP1
API typePrivate DNSService name
apiapi.private.ap1.coralogix.comcom.amazonaws.vpce.ap-south-1.vpce-svc-06114eda4b29cf966
ng-api-httpng-api-http.private.ap1.coralogix.comcom.amazonaws.vpce.ap-south-1.vpce-svc-0f3f7cde56c035dc2
ng-api-grpcng-api-grpc.private.ap1.coralogix.comcom.amazonaws.vpce.ap-south-1.vpce-svc-0274a047d71496631
private-ingressingress.private.ap1.coralogix.comcom.amazonaws.vpce.ap-south-1.vpce-svc-053d70c8a5be920e9
SYSLOGsyslog.private.ap1.coralogix.comcom.amazonaws.vpce.ap-south-1.vpce-svc-0c042efde13e97781
AP2
API typePrivate DNSService name
apiapi.private.ap2.coralogix.comcom.amazonaws.vpce.ap-southeast-1.vpce-svc-08735772f3471a085
ng-api-httpng-api-http.private.ap2.coralogix.comcom.amazonaws.vpce.ap-southeast-1.vpce-svc-0a8c41a617b29ddb5
ng-api-grpcng-api-grpc.private.ap2.coralogix.comcom.amazonaws.vpce.ap-southeast-1.vpce-svc-0b21427afa30e7ee4
private-ingressingress.private.ap2.coralogix.comcom.amazonaws.vpce.ap-southeast-1.vpce-svc-09906c180fb74f2d6
SYSLOGsyslog.private.ap2.coralogix.comcom.amazonaws.vpce.ap-southeast-1.vpce-svc-01de78919483ca8bd
AP3
API typePrivate DNSService name
apiapi.private.ap3.coralogix.comcom.amazonaws.vpce.ap-southeast-3.vpce-svc-0a5cc941b023c74d8
ng-api-httpng-api-http.private.ap3.coralogix.comcom.amazonaws.vpce.ap-southeast-3.vpce-svc-0f0e5437c845457c9
ng-api-grpcng-api-grpc.private.ap3.coralogix.comcom.amazonaws.vpce.ap-southeast-3.vpce-svc-0ae31a3bcdc167882
private-ingressingress.private.ap3.coralogix.comcom.amazonaws.vpce.ap-southeast-3.vpce-svc-014c191d233e6f8bd
SYSLOGsyslog.private.ap3.coralogix.comcom.amazonaws.vpce.ap-southeast-3.vpce-svc-04b43a263662b48ce
US1
API typePrivate DNSService name
apiapi.private.us1.coralogix.comcom.amazonaws.vpce.us-east-2.vpce-svc-00b0c3cf7f97da9fe
ng-api-httpng-api-http.private.us1.coralogix.comcom.amazonaws.vpce.us-east-2.vpce-svc-084964a2ea2ec3832
ng-api-grpcng-api-grpc.private.us1.coralogix.comcom.amazonaws.vpce.us-east-2.vpce-svc-0d1002d5f341f4567
private-ingressingress.private.us1.coralogix.comcom.amazonaws.vpce.us-east-2.vpce-svc-0759776c2d4ff9016
SYSLOGsyslog.private.us1.coralogix.comcom.amazonaws.vpce.us-east-2.vpce-svc-09438cbd1c5a20c3f
US2
API typePrivate DNSService name
apiapi.private.us2.coralogix.comcom.amazonaws.vpce.us-west-2.vpce-svc-003f0da4b1bef3642
ng-api-httpng-api-http.private.us2.coralogix.comcom.amazonaws.vpce.us-west-2.vpce-svc-0e0e25254d0525694
ng-api-grpcng-api-grpc.private.us2.coralogix.comcom.amazonaws.vpce.us-west-2.vpce-svc-07e6e50c604e43388
private-ingressingress.private.us2.coralogix.comcom.amazonaws.vpce.us-west-2.vpce-svc-0796e83828a22b4eb
SYSLOGsyslog.private.us2.coralogix.comcom.amazonaws.vpce.us-west-2.vpce-svc-05676682f51f06ca1
EU1
API typePrivate DNSService name
apiapi.private.eu1.coralogix.comcom.amazonaws.vpce.eu-west-1.vpce-svc-0a42f2a7e51c64a59
ng-api-httpng-api-http.private.eu1.coralogix.comcom.amazonaws.vpce.eu-west-1.vpce-svc-023e3dcdb3ea6fd1f
ng-api-grpcng-api-grpc.private.eu1.coralogix.comcom.amazonaws.vpce.eu-west-1.vpce-svc-072b03ea2fe17aaba
private-ingressingress.private.eu1..coralogix.comcom.amazonaws.vpce.eu-west-1.vpce-svc-0e4b81f6f7b0d2cc5
SYSLOGsyslog.private.eu1.coralogix.comcom.amazonaws.vpce.eu-west-1.vpce-svc-0ef75f85f37d8df24
EU2
API typePrivate DNSService name
apiapi.private.eu2.coralogix.comcom.amazonaws.vpce.eu-north-1.vpce-svc-0bb000a0d4f907d37
ng-api-httpng-api-http.private.eu2.coralogix.comcom.amazonaws.vpce.eu-north-1.vpce-svc-038b9d861aa2a9bbc
ng-api-grpcng-api-grpc.private.eu2.coralogix.comcom.amazonaws.vpce.eu-north-1.vpce-svc-045f476210af2e531
private-ingressingress.private.eu2.coralogix.comcom.amazonaws.vpce.eu-north-1.vpce-svc-041b21c87be842c08
SYSLOGsyslog.private.eu2.coralogix.comcom.amazonaws.vpce.eu-north-1.vpce-svc-02ef3b377f2562661

Legacy PrivateLink endpoints
Coralogix DomainCoralogix AWS
Region
Service nameOpenTelemetry -
Otel-Traces
Otel-Metrics
Otel-Logs
Coralogix
Lambda
Telemetry
Coralogix
Logs
Prometheus
RemoteWrite
coralogix.comeu-west-1 (Ireland)com.amazonaws.vpce.eu-west-1.vpce-svc-01f6152d495e211f0ingress.private.coralogix.com:443ingress.private.coralogix.com:443https://ingress.private.coralogix.com/logs/v1/singleshttps://ingress.private.coralogix.com/prometheus/v1
coralogix.inap-south1 (India)com.amazonaws.vpce.ap-south-1.vpce-svc-0eb807f14d645a973ingress.private.coralogix.in:443ingress.private.coralogix.in:443https://ingress.private.coralogix.in/logs/v1/singleshttps://ingress.private.coralogix.in/prometheus/v1
coralogix.usus-east2 (US)com.amazonaws.vpce.us-east-2.vpce-svc-067fdf46ffae1ed0eingress.private.coralogix.us:443ingress.private.coralogix.us:443https://ingress.private.coralogix.us/logs/v1/singleshttps://ingress.private.coralogix.us/prometheus/v1
eu2.coralogix.comeu-north-1 (Stockholm)com.amazonaws.vpce.eu-north-1.vpce-svc-041b21c87be842c08ingress.private.eu2.coralogix.com:443https://prometheus-gateway.eu2.coralogix.comhttps://ingress.private.eu2.coralogix.com/logs/v1/singleshttps://ingress.private.eu2.coralogix.com/prometheus/v1
coralogixsg.comap-southeast-1 (Singapore)com.amazonaws.vpce.ap-southeast-1.vpce-svc-0e4cd83852ff2869bingress.private.coralogixsg.com:443ingress.private.coralogixsg.com:443https://ingress.private.coralogixsg.com/logs/v1/singleshttps://ingress.private.coralogixsg.com/prometheus/v1
cx498.coralogix.comus-west-2 (Oregon)com.amazonaws.vpce.us-west-2.vpce-svc-0f6436ddb210e5dbbingress.private.cx498-aws-us-west-2.coralogix.com:443ingress.private.cx498-aws-us-west-2.coralogix.com:443https://ingress.private.cx498-aws-us-west-2.coralogix.com:443/logs/v1/singleshttps://ingress.private.cx498-aws-us-west-2.coralogix.com:443/prometheus/v1
ap3.coralogix.comap-southeast-3 (Jakarta)com.amazonaws.vpce.ap-southeast-3.vpce-svc-0cbb93cb2b4630b9eingress.private.ap3.coralogix.com:443ingress.private.ap3.coralogix.com:443https://ingress.private.ap3.coralogix.com/logs/v1/singleshttps://ingress.private.ap3.coralogix.com/prometheus/v1

Prerequisites

  • If you use an integration involving Amazon S3, you must ensure that the VPC in which your Lambda is deployed has an S3 Service Gateway configured.

  • If you intend to use AWS Secrets Manager with your Lambda, you must create another VPC endpoint for the com.amazonaws.<AWS Region>.secretsmanager service. Detailed instructions can be found here.

VPC configuration

To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC. For example, the coralogix.com domain is hosted in eu-west-1. A same-region VPC must be deployed in eu-west-1.

STEP 1. Create a VPC endpoint.

  • Connect to the AWS console in your Coralogix AWS region.

  • Navigate to the Endpoints section.

  • Click Create endpoint.

STEP 2. Name the VPC endpoint and select the service category: PrivateLink Ready partner services.

STEP 3. Input the Service name associated with your Coralogix AWS region, as per the above table.

STEP 4. Click Verify service.

  • You should receive the following message: Service name verified.

  • If you do not receive this message, contact us via our in-app chat or by sending us an email at support@coralogix.com.

STEP 5. Select a VPC in which to create the endpoint.

STEP 6. Expand the Additional settings section and Enable DNS name.

STEP 7. Select a security group to enable traffic to this VPC endpoint.

  • The security group must accept inbound traffic in port 443 (TCP).

STEP 8. Click Create endpoint.

STEP 9. Verify your configuration.

  • Ensure the VPC endpoint status appears as Available.

STEP 10. Connect to the VPC network.

Validate that the endpoint is working with either the following:

  1. Connected VPC to a running workload (e.g. ec2 instance) and enter the following command, adjusted per cross-region:
# example US region
# telnet ingress.private.us1.coralogix.com
telnet <ingress.private.<region-domain> 443
  1. Try sending a test log using the Coralogix REST API /singles ```

Next Steps

  • If your AWS resources are in a different region than your Coralogix domain, you have two options:
  • VPC Peering: Deploy your Lambda function using VPC peering with a cross-region VPC local to the data source. Learn more in our AWS PrivateLink: VPC Peering Configuration guide.
  • Native Cross-Region PrivateLink: Use AWS's native cross-region connectivity for PrivateLink, which provides a simpler alternative without complex VPC peering. Learn more in our AWS PrivateLink: Cross-Region Connectivity guide.

  • Align the VPC to your Lambda. Instructions can be found here.