AWS PrivateLink
AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by Coralogix. While Coralogix monitoring traffic is always secure, PrivateLink provides stable connectivity, a reduction in traffic costs, and even greater security by maintaining data on the AWS network.
This tutorial provides AWS Coralogix PrivateLink endpoints and instructions for standard configuration.
Use Cases
The primary use case for PrivateLink with Coralogix is connectivity for monitored applications running in AWS VPCs. To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC.
If your AWS resources to be monitored are in a different region, you can leverage VPC peering to meet the requirements by launching your Lambda in a cross-region VPC, local to the source.
PrivateLink Endpoints
Coralogix exposes the AWS PrivateLink endpoint in all Coralogix AWS regions.
Coralogix Domain | Coralogix AWS Region | Service Name | OpenTelemetry (Otel-Traces, Otel-Metrics, Otel-Logs) | Coralogix Lambda Telemetry | Coralogix Logs | Prometheus RemoteWrite |
coralogix.com | eu-west-1 (Ireland) | com.amazonaws.vpce.eu-west-1.vpce-svc-01f6152d495e211f0 | ingress.private.coralogix.com:443 | ingress.private.coralogix.com:443 | https://ingress.private.coralogix.com/logs/v1/singles | https://ingress.private.coralogix.com/prometheus/v1 |
coralogix.in | ap-south-1 (India) | com.amazonaws.vpce.ap-south-1.vpce-svc-0eb807f14d645a973 | ingress.private.coralogix.in:443 | ingress.private.coralogix.in:443 | https://ingress.private.coralogix.in/logs/v1/singles | https://ingress.private.coralogix.in/prometheus/v1 |
coralogix.us | us-east-2 (US) | com.amazonaws.vpce.us-east-2.vpce-svc-067fdf46ffae1ed0e | ingress.private.coralogix.us:443 | ingress.private.coralogix.us:443 | https://ingress.private.coralogix.us/logs/v1/singles | https://ingress.private.coralogix.us/prometheus/v1 |
eu2.coralogix.com | eu-north-1 (Stockholm) | com.amazonaws.vpce.eu-north-1.vpce-svc-041b21c87be842c08 | ingress.private.eu2.coralogix.com:443 | ingress.private.coralogixsg.com:443 | https://ingress.private.eu2.coralogix.com/logs/v1/singles | https://ingress.private.eu2.coralogix.com/prometheus/v1 |
coralogixsg.com | ap-southeast-1 (Singapore) | com.amazonaws.vpce.ap-southeast-1.vpce-svc-0e4cd83852ff2869b | ingress.private.coralogixsg.com:443 | ingress.private.coralogixsg.com:443 | https://ingress.private.coralogixsg.com/logs/v1/singles | https://ingress.private.coralogixsg.com/prometheus/v1 |
cx498.coralogix.com | us-west-2 (Oregon) | com.amazonaws.vpce.us-west-2.vpce-svc-0f6436ddb210e5dbb | ingress.private.cx498-aws-us-west-2.coralogix.com:443 | ingress.private.cx498-aws-us-west-2.coralogix.com:443 | https://ingress.private.cx498-aws-us-west-2.coralogix.com:443/logs/v1/singles | https://ingress.private.cx498-aws-us-west-2.coralogix.com:443/prometheus/v1 |
ap3.coralogix.com | ap-southeast-3 (Jakarta) | com.amazonaws.vpce.ap-southeast-3.vpce-svc-0cbb93cb2b4630b9e | ingress.private.ap3.coralogix.com:443 | ingress.private.ap3.coralogix.com:443 | https://ingress.private.ap3.coralogix.com/logs/v1/singles | https://ingress.private.ap3.coralogix.com/prometheus/v1 |
Prerequisites
If you use an integration involving Amazon S3, you must ensure that the VPC in which your Lambda is deployed has an S3 Service Gateway configured.
If you intend to use AWS Secrets Manager with your Lambda, you must create another VPC endpoint for the com.amazonaws.<AWS Region>.secretsmanager service. Detailed instructions can be found here.
VPC Configuration
To use Coralogix PrivateLink, you must create a VPC endpoint in the Coralogix AWS region matching your Coralogix domain. This is referred to as same-region VPC. For example, the coralogix.com domain is hosted in eu-west-1. A same-region VPC must be deployed in eu-west-1.
If your AWS resources to be monitored are in a different region, you can leverage VPC peering to meet the requirements by launching your Lambda in a cross-region VPC, local to the source. Cross-region VPC configuration instructions can be found here.
STEP 1. Create a VPC endpoint.
Connect to the AWS console in your Coralogix AWS region.
Navigate to the Endpoints section.
Click Create endpoint.
STEP 2. Name the VPC endpoint and select the service category: PrivateLink Ready partner services.
STEP 3. Input the Service name associated with your Coralogix AWS region, as per the above table.
STEP 4. Click Verify service.
You should receive the following message: Service name verified.
If you do not receive this message, contact us via our in-app chat or by sending us an email at [email protected].
STEP 5. Select a VPC in which to create the endpoint.
STEP 6. Expand the Additional settings section and Enable DNS name.
STEP 7. Select a security group to enable traffic to this VPC endpoint.
- The security group must accept inbound traffic on port 443 (TCP).
STEP 8. Click Create endpoint.
STEP 9. Verify your configuration.
- Ensure the VPC endpoint status appears as Available.
STEP 10. Enter the connected VPC and type the following command, adjusted per region:
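One way to confirm the endpoint is actually in the path, as an added example rather than Coralogix's own command: resolve the ingress hostname from an instance inside the VPC and check that every returned address is private. It assumes the VPC uses RFC 1918 address space and that `getent` is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: with "Enable DNS name" set on the interface endpoint, the
# Coralogix ingress hostname should resolve to the endpoint's private ENI
# addresses when queried from inside the VPC.

# Return 0 if $1 is an RFC 1918 IPv4 address, 1 otherwise.
is_private_ipv4() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
  set -- $(printf '%s' "$1" | tr '.' ' ')        # split into octets
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
  return 1
}

# Print PRIVATE if every address given is private; otherwise name the
# first address that is not (PUBLIC <addr>) or report NO_ADDRESSES.
check_addresses() {
  [ "$#" -gt 0 ] || { echo "NO_ADDRESSES"; return 2; }
  for addr in "$@"; do
    is_private_ipv4 "$addr" || { echo "PUBLIC $addr"; return 1; }
  done
  echo "PRIVATE"
}

# Resolve a hostname with the system resolver and classify the answers.
verify_host() {
  # getent ahostsv4 prints one line per address and socket type.
  addrs=$(getent ahostsv4 "$1" | awk '{print $1}' | sort -u)
  check_addresses $addrs
}

# Only run when a hostname is passed, e.g. the one for your region
# from the table above.
if [ "$#" -gt 0 ]; then
  verify_host "$1"
fi
```

Run it on an instance in the endpoint's VPC, for example `sh check_privatelink.sh ingress.private.coralogix.com` (the script name is arbitrary). A `PUBLIC` or `NO_ADDRESSES` result means the name is not being answered by the endpoint's private DNS, so revisit Step 6 and confirm the check ran inside the VPC.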
Next Steps
If your AWS resources to be monitored are in a different region than your Coralogix domain, you have the option of leveraging VPC peering to meet the requirements by launching your Lambda in a cross-region VPC, local to the source. Cross-region VPC configuration instructions can be found here.
Align the VPC to your Lambda. Instructions can be found here.
Support
Need help?
Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.
Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].