
Overview

Use this page to understand how AWS PrivateLink works with Coralogix and to choose the correct connectivity model before starting configuration.

AWS PrivateLink provides private, highly available connectivity between your VPC and Coralogix services, as if Coralogix were hosted directly inside your network. In this model, Coralogix acts as the service provider, and your AWS account acts as the consumer.

flowchart TD
    subgraph ConsumerVPC["Your VPC"]
        direction LR
        EC2["EC2 / ECS / EKS"]
        Lambda["AWS Lambda"]
        OnPrem["On-premises"]
    end

    EC2 & Lambda & OnPrem --> ENI["VPC Endpoint ENI"]

    ENI --> PL["AWS PrivateLink"]

    PL --> EP["Endpoint Service"]

    subgraph ProviderVPC["Provider VPC    (Coralogix)"]
        direction LR
        EP --> Ingestion
        EP --> API
        EP --> Syslog
    end

PrivateLink supports connectivity from:

  • EC2 and container-based workloads running in a VPC
  • AWS Lambda functions configured for VPC access
  • On-premises networks connected through a VPN or AWS Direct Connect, which can then access services as if they were hosted directly in the local network
  • Other AWS services and SaaS products, which can act as consumers connecting to endpoint services

Core concepts

Private connectivity

All traffic stays within the AWS network and does not traverse the public internet. Internet gateways, NAT gateways, and public IPs are not required.

Interface VPC endpoints

Coralogix uses Interface-type VPC endpoints. When you create an endpoint, AWS creates endpoint network interfaces (ENIs) with private IP addresses in the subnets you select. These ENIs are the private entry points to Coralogix.

Workloads such as EC2, containers, and Lambda functions send traffic to Coralogix through these endpoint ENIs.

Security and policy controls

Access is controlled using:

  • Security groups attached to ENIs
  • VPC endpoint policies (IAM resource policies)
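
The following added example (not Coralogix code) audits the ingress rules of a security group attached to the endpoint ENIs, using the `IpPermissions` shape returned by `aws ec2 describe-security-groups`. The workload CIDRs, the allowed port set (443 here) and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: one tight rule and one overly broad rule.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def audit_endpoint_sg(ip_permissions, workload_cidrs, allowed_ports):
    """Return findings for ingress rules broader than the workloads need.

    ip_permissions: IpPermissions list of the endpoint's security group.
    workload_cidrs: CIDRs expected to send telemetry (assumption).
    allowed_ports:  TCP ports the endpoint should accept (assumption).
    Rules that reference other security groups (UserIdGroupPairs) are
    not evaluated here.
    """
    allowed_nets = [ipaddress.ip_network(c) for c in workload_cidrs]
    findings = []
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if proto == "-1":
            findings.append("all protocols and ports allowed")
        elif proto != "tcp" or any(p not in allowed_ports
                                   for p in range(lo, hi + 1)):
            findings.append(f"unexpected protocol/port: {proto} {lo}-{hi}")
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if not any(net.version == a.version and net.subnet_of(a)
                       for a in allowed_nets):
                findings.append(f"source {cidr} is outside the workload CIDRs")
    return findings


if __name__ == "__main__":
    for finding in audit_endpoint_sg(SAMPLE_PERMISSIONS, ["10.0.0.0/16"], {443}):
        print("FINDING:", finding)
```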

What you will configure

All connectivity models follow the same high-level flow:

  1. Identify the Coralogix PrivateLink service that matches your Coralogix domain. Learn more in our Coralogix PrivateLink endpoints and deployment guide.
  2. Create an Interface VPC endpoint.
  3. Enable private DNS resolution.
  4. Validate connectivity from workloads inside your VPC.
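
For steps 3 and 4, the added example below (not part of the Coralogix guides) checks from a workload that a Coralogix hostname resolves only to addresses inside the endpoint subnets, then tests TCP reachability of those addresses. The hostname and subnet CIDRs are supplied by you on the command line, and port 443 is an assumption.

```python
import ipaddress
import socket


def resolve(hostname, port=443):
    """Return the distinct IPs the local resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(addresses, endpoint_cidrs):
    """Split addresses into (inside, outside) the endpoint subnet CIDRs."""
    nets = [ipaddress.ip_network(c) for c in endpoint_cidrs]
    inside, outside = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        (inside if any(ip in n for n in nets) else outside).append(addr)
    return inside, outside


def verdict(addresses, endpoint_cidrs):
    """PRIVATE only if every answer is an endpoint ENI address."""
    if not addresses:
        return "UNRESOLVED"
    _, outside = classify(addresses, endpoint_cidrs)
    # Any answer outside the endpoint subnets means private DNS is not in
    # effect for this workload and traffic would not use the endpoint.
    return "NOT_PRIVATE" if outside else "PRIVATE"


def tcp_reachable(address, port=443, timeout=3.0):
    """True if a TCP connection succeeds (security group and routing OK)."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    import sys
    host, cidrs = sys.argv[1], sys.argv[2:]  # hostname, then subnet CIDRs
    addrs = resolve(host)
    print(host, addrs, verdict(addrs, cidrs))
    for a in classify(addrs, cidrs)[0]:
        print(a, "tcp/443 reachable:", tcp_reachable(a))
```

A `NOT_PRIVATE` result on a workload that should use PrivateLink usually points at private DNS not being enabled on the endpoint or at the workload using a resolver outside the VPC.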

Choose your connectivity model

Use the following flowchart to determine which PrivateLink setup guide best suits your needs.

graph TD
    Start[Where are your AWS resources located?] -->|Same region as Coralogix| SR[<b>Primary setup:</b><br/>Same-region configuration]
    Start -->|Different region| Part{Are both regions in the<br/>same AWS partition?}

    Part -->|Yes| Native[<b>Recommended:</b><br>Native cross-region]
    Part -->|No / Complex needs| Legacy[<b>Legacy workaround:</b><br>VPC Peering]

    SR --> EndSR[Follow same-region guide]
    Native --> EndNCR[Follow native cross-region guide]
    Legacy --> EndVP[Follow VPC Peering guide]

    %% Post-Connectivity Convergence
    EndSR --> Valid[Validate Connectivity]
    EndNCR --> Valid
    EndVP --> Valid

    %% Lambda Integration Step
    Valid --> IsLambda{Using AWS Lambda?}
    IsLambda -->|Yes| LambdaConfig[Follow Lambda configuration guide]
    IsLambda -->|No| Done[Configuration Complete]

    style SR fill:#d4edda,stroke:#a3d9b1
    style Native fill:#d4edda,stroke:#a3d9b1
    style Legacy fill:#f8d7da,stroke:#e8aeb3
    style LambdaConfig fill:#fff3cd,stroke:#e8d8a0

    %% CLICKABLE LINKS
    click SR "../same-region-connectivity/" "Open same-region configuration"
    click EndSR "../same-region-connectivity/" "Open same-region configuration"
    click Native "../aws-privatelink-cross-region-connection/" "Open native cross-region configuration"
    click EndNCR "../aws-privatelink-cross-region-connection/" "Open native cross-region configuration"
    click Legacy "../aws-privatelink-vpc-peering-configuration/" "Open VPC peering configuration"
    click EndVP "../aws-privatelink-vpc-peering-configuration/" "Open VPC peering configuration"
    click Valid "../endpoints-deployment/" "Open endpoints and deployment validation"
    click LambdaConfig "../aws-privatelink-lambda-configuration/" "Open Lambda configuration"

Lambda-specific considerations (high level)

When using AWS Lambda with PrivateLink:

  • The Lambda function must be attached to a VPC
  • Lambda creates requester-managed ENIs in the selected subnets
  • Additional endpoints may be required:
    • S3 Gateway Endpoint (if the integration uses Amazon S3)
    • Secrets Manager Interface Endpoint (if using AWS Secrets Manager)

Detailed Lambda configuration steps are covered in the Lambda Configuration guide.

Native cross-region considerations

When using native cross-region PrivateLink:

  • The IAM principal creating the endpoint must have the vpce:AllowMultiRegion permission
  • Both regions must belong to the same AWS partition
  • Availability Zones do not need to match Coralogix’s AZs
  • Inter-AZ traffic via PrivateLink endpoints is free, which can significantly reduce costs for high-volume telemetry

Visit the Kubernetes (k8s) and ECS-EC2 integration pages to learn how to enable PrivateLink in those integrations with a single toggle.