Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Back to All Docs

AWS PrivateLink AWS PrivateLink

Last Updated: Jan. 18, 2024

AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by Coralogix. While Coralogix monitoring traffic is always secure, PrivateLink provides stable connectivity, a reduction in traffic costs, and even greater security by maintaining data on the AWS network.

This tutorial provides AWS Coralogix PrivateLink endpoints and instructions for standard configuration.

The primary use case for PrivateLink with Coralogix is connectivity for monitored applications running in AWS VPCs. To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC.

If your AWS resources to be monitored are in a different region, you can leverage VPC peering to meet the requirements by launching your Lambda in a cross-region VPC, local to the source.

PrivateLink Endpoints

Coralogix exposes the AWS PrivateLink endpoint in all Coralogix AWS regions.

Coralogix DomainCoralogix AWS RegionService NameOpenTelemetry –
Otel-Traces
Otel-Metrics
Otel-Logs
Coralogix
Lambda
Telemetry
Coralogix
Logs
Prometheus
RemoteWrite
coralogix.comeu-west-1 (Ireland)com.amazonaws.vpce.eu-west-1.vpce-svc-01f6152d495e211f0ingress.private.coralogix.com:443ingress.private.coralogix.com:443https://ingress.private.coralogix.com/logs/v1/singleshttps://ingress.private.coralogix.com/prometheus/v1

coralogix.in
ap-south1 (India)com.amazonaws.vpce.ap-south-1.vpce-svc-0eb807f14d645a973ingress.private.coralogix.in:443ingress.private.coralogix.in:443https://ingress.private.coralogix.in/logs/v1/singleshttps://ingress.private.coralogix.in/prometheus/v1

coralogix.us
us-east2
(US)
com.amazonaws.vpce.us-east-2.vpce-svc-067fdf46ffae1ed0eingress.private.coralogix.us:443ingress.private.coralogix.us:443https://ingress.private.coralogix.us/logs/v1/singleshttps://ingress.private.coralogix.us/prometheus/v1

eu2.coralogix.com
eu-north-1 (Stockholm)com.amazonaws.vpce.eu-north-1.vpce-svc-041b21c87be842c08ingress.private.eu2.coralogix.com:443ingress.private.coralogixsg.com:443https://ingress.private.eu2.coralogix.com/logs/v1/singleshttps://ingress.private.eu2.coralogix.com/prometheus/v1
coralogixsg.comap-southeast-1
(Singapore)
com.amazonaws.vpce.ap-southeast-1.vpce-svc-0e4cd83852ff2869bingress.private.coralogixsg.com:443ingress.private.coralogixsg.com:443https://ingress.private.coralogixsg.com/logs/v1/singleshttps://ingress.private.coralogixsg.com/prometheus/v1

cx498.coralogix.com

us-west-2
(Oregon)
com.amazonaws.vpce.us-west-2.vpce-svc-0f6436ddb210e5dbbingress.private.cx498-aws-us-west-2.coralogix.com:443ingress.private.cx498-aws-us-west-2.coralogix.com:443https://ingress.private.cx498-aws-us-west-2.coralogix.com:443/logs/v1/singleshttps://ingress.private.cx498-aws-us-west-2.coralogix.com:443/prometheus/v1

Prerequisites

  • If you use an integration involving Amazon S3, you must ensure that the VPC in which your Lambda is deployed has an S3 Service Gateway configured.
  • If you intend to use AWS Secrets Manager with your Lambda, you must create another VPC endpoint for the com.amazonaws.<AWS Region>.secretsmanager service. Detailed instructions can be found here.

VPC Configuration

To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC. For example, the coralogix.com domain is hosted in eu-west-1. A same-region VPC must be deployed in eu-west-1.

If your AWS resources to be monitored are in a different region, you can leverage VPC peering to meet the requirements by launching your Lambda in a cross-region VPC, local to the source. Cross-region VPC configuration instructions can be found here.

STEP 1. Create a VPC endpoint.

  • Connect to the AWS console in your Coralogix AWS region.
  • Navigate to the Endpoints section.
  • Click Create endpoint.

STEP 2. Name the VPC endpoint and select the service category: PrivateLink Ready partner services.

STEP 3. Input the Service name associated with your Coralogix AWS region, as per the above table.

STEP 4. Click Verify service.

  • You should receive the following message: Service name verified.
  • If you do not receive this message, contact us via our in-app chat or by sending us an email at [email protected].

STEP 5. Select a VPC in which to create the endpoint.

STEP 6. Expand the Additional settings section and Enable DNS name.

STEP 7. Select a security group to enable traffic to this VPC endpoint.

  • The security group must accept inbound traffic in port 443 (TCP).

STEP 8. Click Create endpoint.

STEP 9. Verify your configuration.

  • Ensure the VPC endpoint status appears as Available.

STEP 10. Enter the connected VPC and type the following command, adjusted per region:

#example US region
#telnet ingress.private.coralogix.us
telnet <ingress.private.<region> 443

Next Steps

  • If your AWS resources to be monitored are in a different region than your Coralogix domain, you have the option of leveraging VPC peering to meet the requirements by launching your Lambda in a cross-region VPC, local to the source. Cross-region VPC configuration instructions can be found here.
  • Align the VPC to your Lambda. Instructions can be found here.

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

On this page