AWS PrivateLink

AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by Coralogix. While Coralogix monitoring traffic is always secure, PrivateLink provides stable connectivity, a reduction in traffic costs, and even greater security by maintaining data on the AWS network.

This tutorial provides AWS Coralogix PrivateLink endpoints and instructions for standard configuration.

Use Cases

The primary use case for PrivateLink with Coralogix is connectivity for monitored applications running in AWS VPCs. To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC.

PrivateLink Endpoints

Coralogix exposes the AWS PrivateLink endpoint in all Coralogix AWS regions.

Coralogix Domain	Coralogix AWS Region	Service Name	OpenTelemetry - Otel-Traces Otel-Metrics Otel-Logs	Coralogix Lambda Telemetry	Coralogix Logs	Prometheus RemoteWrite
coralogix.com	eu-west-1 (Ireland)	com.amazonaws.vpce.eu-west-1.vpce-svc-01f6152d495e211f0	ingress.private.coralogix.com:443	ingress.private.coralogix.com:443	https://ingress.private.coralogix.com/logs/v1/singles	https://ingress.private.coralogix.com/prometheus/v1
coralogix.in	ap-south1 (India)	com.amazonaws.vpce.ap-south-1.vpce-svc-0eb807f14d645a973	ingress.private.coralogix.in:443	ingress.private.coralogix.in:443	https://ingress.private.coralogix.in/logs/v1/singles	https://ingress.private.coralogix.in/prometheus/v1
coralogix.us	us-east2 (US)	com.amazonaws.vpce.us-east-2.vpce-svc-067fdf46ffae1ed0e	ingress.private.coralogix.us:443	ingress.private.coralogix.us:443	https://ingress.private.coralogix.us/logs/v1/singles	https://ingress.private.coralogix.us/prometheus/v1
eu2.coralogix.com	eu-north-1 (Stockholm)	com.amazonaws.vpce.eu-north-1.vpce-svc-041b21c87be842c08	ingress.private.eu2.coralogix.com:443	https://prometheus-gateway.eu2.coralogix.com	https://ingress.private.eu2.coralogix.com/logs/v1/singles	https://ingress.private.eu2.coralogix.com/prometheus/v1
coralogixsg.com	ap-southeast-1 (Singapore)	com.amazonaws.vpce.ap-southeast-1.vpce-svc-0e4cd83852ff2869b	ingress.private.coralogixsg.com:443	ingress.private.coralogixsg.com:443	https://ingress.private.coralogixsg.com/logs/v1/singles	https://ingress.private.coralogixsg.com/prometheus/v1
cx498.coralogix.com	us-west-2 (Oregon)	com.amazonaws.vpce.us-west-2.vpce-svc-0f6436ddb210e5dbb	ingress.private.cx498-aws-us-west-2.coralogix.com:443	ingress.private.cx498-aws-us-west-2.coralogix.com:443	https://ingress.private.cx498-aws-us-west-2.coralogix.com:443/logs/v1/singles	https://ingress.private.cx498-aws-us-west-2.coralogix.com:443/prometheus/v1
ap3.coralogix.com	ap-southeast-3 (Jakarta)	com.amazonaws.vpce.ap-southeast-3.vpce-svc-0cbb93cb2b4630b9e	ingress.private.ap3.coralogix.com:443	ingress.private.ap3.coralogix.com:443	https://ingress.private.ap3.coralogix.com/logs/v1/singles	https://ingress.private.ap3.coralogix.com/prometheus/v1

Prerequisites

• If you use an integration involving Amazon S3, you must ensure that the VPC in which your Lambda is deployed has an S3 Service Gateway configured.

• If you intend to use AWS Secrets Manager with your Lambda, you must create another VPC endpoint for the com.amazonaws.<AWS Region>.secretsmanager service. Detailed instructions can be found here.

VPC Configuration

To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC. For example, the coralogix.com domain is hosted in eu-west-1. A same-region VPC must be deployed in eu-west-1.

STEP 1. Create a VPC endpoint.

• Connect to the AWS console in your Coralogix AWS region.

• Navigate to the Endpoints section.

• Click Create endpoint.

STEP 2. Name the VPC endpoint and select the service category: PrivateLink Ready partner services.

STEP 3. Input the Service name associated with your Coralogix AWS region, as per the above table.

STEP 4. Click Verify service.

• You should receive the following message: Service name verified.

• If you do not receive this message, contact us via our in-app chat or by sending us an email at support@coralogix.com.

STEP 5. Select a VPC in which to create the endpoint.

STEP 6. Expand the Additional settings section and Enable DNS name.

STEP 7. Select a security group to enable traffic to this VPC endpoint.

• The security group must accept inbound traffic in port 443 (TCP).

STEP 8. Click Create endpoint.

STEP 9. Verify your configuration.

• Ensure the VPC endpoint status appears as Available.

STEP 10. Connect to the VPC network.

Validate that the endpoint is working with either the following:

1. Connected VPC to a running workload (e.g. ec2 instance) and enter the following command, adjusted per cross-region:

# example US region
# telnet ingress.private.coralogix.us
telnet <ingress.private.<region-domain> 443

1. Try sending a test log using the Coralogix REST API /singles ```

Next Steps

• If your AWS resources are in a different region than your Coralogix domain, you have two options:
• VPC Peering: Deploy your Lambda function using VPC peering with a cross-region VPC local to the data source. Learn more in our AWS PrivateLink: VPC Peering Configuration guide.

• Native Cross-Region PrivateLink: Use AWS's native cross-region connectivity for PrivateLink, which provides a simpler alternative without complex VPC peering. Learn more in our AWS PrivateLink: Cross-Region Connectivity guide.

• Align the VPC to your Lambda. Instructions can be found here.

Previous AWS CloudWatch Metrics Processing

Next Cross-Region Connectivity

Theme

Light

light

dark