Skip to content

AWS PrivateLink

AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by Coralogix. While Coralogix monitoring traffic is always secure, PrivateLink provides stable connectivity, a reduction in traffic costs, and even greater security by maintaining data on the AWS network.

This tutorial provides AWS Coralogix PrivateLink endpoints and instructions for standard configuration.

Use Cases

The primary use case for PrivateLink with Coralogix is connectivity for monitored applications running in AWS VPCs. To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC.

Note

If your AWS resources are located in a different region than your Coralogix domain, there are two options for connecting to Coralogix from a different AWS region: 1. VPC Peering: Configure VPC Peering between cross-region and same-region VPCs as detailed in this document. See our guide on [AWS PrivateLink: VPC Peering Configuration](../aws-privatelink-vpc-peering-configuration/index.md 2. Native Cross-Region PrivateLink: AWS now offers Cross-Region Connectivity for PrivateLink, which provides a significantly easier way to connect across regions without complex VPC peering configurations.

Coralogix exposes the AWS PrivateLink endpoint in all Coralogix AWS regions.
Coralogix DomainCoralogix AWS
Region		Service NameOpenTelemetry -
Otel-Traces
Otel-Metrics
Otel-Logs		Coralogix
Lambda
Telemetry		Coralogix
Logs		Prometheus
RemoteWrite
coralogix.comeu-west-1 (Ireland)com.amazonaws.vpce.eu-west-1.vpce-svc-01f6152d495e211f0ingress.private.coralogix.com:443ingress.private.coralogix.com:443https://ingress.private.coralogix.com/logs/v1/singleshttps://ingress.private.coralogix.com/prometheus/v1
coralogix.inap-south1 (India)com.amazonaws.vpce.ap-south-1.vpce-svc-0eb807f14d645a973ingress.private.coralogix.in:443ingress.private.coralogix.in:443https://ingress.private.coralogix.in/logs/v1/singleshttps://ingress.private.coralogix.in/prometheus/v1
coralogix.usus-east2 (US)com.amazonaws.vpce.us-east-2.vpce-svc-067fdf46ffae1ed0eingress.private.coralogix.us:443ingress.private.coralogix.us:443https://ingress.private.coralogix.us/logs/v1/singleshttps://ingress.private.coralogix.us/prometheus/v1
eu2.coralogix.comeu-north-1 (Stockholm)com.amazonaws.vpce.eu-north-1.vpce-svc-041b21c87be842c08ingress.private.eu2.coralogix.com:443https://prometheus-gateway.eu2.coralogix.comhttps://ingress.private.eu2.coralogix.com/logs/v1/singleshttps://ingress.private.eu2.coralogix.com/prometheus/v1
coralogixsg.comap-southeast-1 (Singapore)com.amazonaws.vpce.ap-southeast-1.vpce-svc-0e4cd83852ff2869bingress.private.coralogixsg.com:443ingress.private.coralogixsg.com:443https://ingress.private.coralogixsg.com/logs/v1/singleshttps://ingress.private.coralogixsg.com/prometheus/v1
cx498.coralogix.comus-west-2 (Oregon)com.amazonaws.vpce.us-west-2.vpce-svc-0f6436ddb210e5dbbingress.private.cx498-aws-us-west-2.coralogix.com:443ingress.private.cx498-aws-us-west-2.coralogix.com:443https://ingress.private.cx498-aws-us-west-2.coralogix.com:443/logs/v1/singleshttps://ingress.private.cx498-aws-us-west-2.coralogix.com:443/prometheus/v1
ap3.coralogix.comap-southeast-3 (Jakarta)com.amazonaws.vpce.ap-southeast-3.vpce-svc-0cbb93cb2b4630b9eingress.private.ap3.coralogix.com:443ingress.private.ap3.coralogix.com:443https://ingress.private.ap3.coralogix.com/logs/v1/singleshttps://ingress.private.ap3.coralogix.com/prometheus/v1

Prerequisites

  • If you use an integration involving Amazon S3, you must ensure that the VPC in which your Lambda is deployed has an S3 Service Gateway configured.

  • If you intend to use AWS Secrets Manager with your Lambda, you must create another VPC endpoint for the com.amazonaws.<AWS Region>.secretsmanager service. Detailed instructions can be found here.

VPC Configuration

To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC. For example, the coralogix.com domain is hosted in eu-west-1. A same-region VPC must be deployed in eu-west-1.

STEP 1. Create a VPC endpoint.

  • Connect to the AWS console in your Coralogix AWS region.

  • Navigate to the Endpoints section.

  • Click Create endpoint.

STEP 2. Name the VPC endpoint and select the service category: PrivateLink Ready partner services.

STEP 3. Input the Service name associated with your Coralogix AWS region, as per the above table.

STEP 4. Click Verify service.

  • You should receive the following message: Service name verified.

  • If you do not receive this message, contact us via our in-app chat or by sending us an email at [email protected].

STEP 5. Select a VPC in which to create the endpoint.

STEP 6. Expand the Additional settings section and Enable DNS name.

STEP 7. Select a security group to enable traffic to this VPC endpoint.

  • The security group must accept inbound traffic in port 443 (TCP).

STEP 8. Click Create endpoint.

STEP 9. Verify your configuration.

  • Ensure the VPC endpoint status appears as Available.

STEP 10. Connect to the VPC network.

Validate that the endpoint is working with either the following:

  1. Connected VPC to a running workload (e.g. ec2 instance) and enter the following command, adjusted per cross-region:
# example US region
# telnet ingress.private.coralogix.us
telnet <ingress.private.<region-domain> 443
  1. Try sending a test log using the Coralogix REST API /singles ```

Next Steps

  • If your AWS resources are in a different region than your Coralogix domain, you have two options:
  • VPC Peering: Deploy your Lambda function using VPC peering with a cross-region VPC local to the data source. Learn more in our AWS PrivateLink: VPC Peering Configuration guide.

  • Native Cross-Region PrivateLink: Use AWS's native cross-region connectivity for PrivateLink, which provides a simpler alternative without complex VPC peering. Learn more in our AWS PrivateLink: Cross-Region Connectivity guide.

  • Align the VPC to your Lambda. Instructions can be found here.

Previous Previous AWS CloudWatch Metrics Processing
Next Cross-Region Connectivity Next
Home
User Guides User Guides
DataPrime DataPrime
Integrations Integrations
OpenTelemetry OpenTelemetry
Developer Portal Developer Portal