Use this guide after you have configured AWS PrivateLink. Lambda functions must be explicitly aligned to a VPC that has PrivateLink connectivity to Coralogix.

## Lambda configuration

### Permissions

When a Lambda function runs inside a VPC, AWS creates and manages elastic network interfaces (ENIs) on the function’s behalf.

The Lambda execution role must have permission to create and manage these interfaces.

Attach the following permissions to the Lambda execution role:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeNetworkInterfaces",
                "ec2:CreateNetworkInterface",
                "ec2:DeleteNetworkInterface"
            ],
            "Resource": "*"
        }
    ]
}
```

For full details, see the [AWS documentation](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-permissions).

### Align the VPC to the Lambda

**1**. Follow [these instructions](https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-configuring) to align the VPC to the Lambda.

**2**. Update the `CORALOGIX_URL` environment variable to match the FQDN [endpoint](https://coralogix.com/docs/integrations/aws/aws-privatelink/aws-privatelink/index.md) for your Coralogix [domain](https://coralogix.com/docs/user-guides/account-management/account-settings/coralogix-domain/index.md).

## AWS Secrets Manager

If you intend to use [AWS Secrets Manager](https://aws.amazon.com/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/) with your Lambda, you must create another VPC endpoint for the `com.amazonaws.<AWS Region>.secretsmanager` service. Detailed instructions can be found [here](https://aws.amazon.com/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/).
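A preflight check for the settings this guide covers (execution-role permissions, VPC attachment, `CORALOGIX_URL`, and the Secrets Manager endpoint), as an added example that is not Coralogix or AWS code. It assumes inputs shaped like the boto3 `get_function_configuration` and `describe_vpc_endpoints` responses; `preflight`, the sample IDs and the `example.invalid` hostnames are hypothetical placeholders.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlparse

# ENI actions this guide lists for the Lambda execution role.
REQUIRED_ACTIONS = ("ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface",
                    "ec2:DeleteNetworkInterface")
# Constructed sample inputs; every ID and hostname below is a placeholder.
SAMPLE_FUNCTION = {"VpcConfig": {"VpcId": "vpc-0example"}, "Environment": {
    "Variables": {"CORALOGIX_URL": "https://public.example.invalid"}}}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface"]}]}
SAMPLE_ENDPOINTS = [{"VpcId": "vpc-0other", "State": "available",
                     "ServiceName": "com.amazonaws.eu-west-1.secretsmanager"}]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_actions(policy_docs):
    """Action patterns from Allow statements (Deny, NotAction, Condition not evaluated)."""
    patterns = []
    for doc in policy_docs:
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") == "Allow" and "Action" in stmt:
                patterns += [a.lower() for a in _as_list(stmt["Action"])]
    return patterns

def preflight(function_config, policy_docs, vpc_endpoints, region,
              expected_host, uses_secrets_manager=False):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    vpc_id = (function_config.get("VpcConfig") or {}).get("VpcId")
    if not vpc_id:
        findings.append("function is not attached to a VPC")
    patterns = allowed_actions(policy_docs)
    for action in REQUIRED_ACTIONS:  # IAM wildcards such as ec2:* are honoured
        if not any(fnmatchcase(action.lower(), p) for p in patterns):
            findings.append(f"execution role lacks {action}")
    env = (function_config.get("Environment") or {}).get("Variables") or {}
    url = env.get("CORALOGIX_URL", "")
    host = urlparse(url if "//" in url else "//" + url).hostname  # URL or bare host
    if host != expected_host.lower():
        findings.append(f"CORALOGIX_URL host is {host!r}, expected {expected_host!r}")
    if uses_secrets_manager:  # endpoint must be in the function's own VPC
        service = f"com.amazonaws.{region}.secretsmanager"
        if not any(e.get("ServiceName") == service and e.get("VpcId") == vpc_id
                   and str(e.get("State", "")).lower() == "available"
                   for e in vpc_endpoints):
            findings.append(f"no available {service} endpoint in the function's VPC")
    return findings
```

Pass the expected PrivateLink FQDN for your Coralogix domain as `expected_host`; the check reads only `Allow` statements, so an explicit `Deny` or a permissions boundary on the role still needs a manual look.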
