Skip to main content

Sumo Logic Connector for AWS PrivateLink (Beta)

Beta

Sumo Logic provides the ability to configure private connectivity between your AWS Infrastructure and Sumologic via AWS PrivateLink. This prevents any traffic from being accessible to the public internet.

Following sources are supported for AWS PrivateLink:

  • Installed Collector sources. Data collected on Installed collectors deployed on customer VPC and sent to the Sumo Logic.
  • HTTPs sources. Data sent by the applications hosted in customers VPC and sent over to Sumologic using HTTP Logs and Metrics Source and Kinesis Firehose Source for Logs and Metrics.

The following sources are not supported for AWS PrivateLink:

  • Cloud Syslog
  • AWS S3
  • AWS Cloudwatch source
  • Sumo Logic OpenTelemtry Distro
  • OTLP sources
  • RUM sources

Enable PrivateLink for ALB

To send data to Sumo Logic through AWS PrivateLink, you'll need to configure an internal endpoint in your VPC for Installed Collectors to send data to.

With the NLB-created and ALB-registered as a target, requests over AWS PrivateLink to the NLB are forwarded to the ALB.

Sumo Logic exposes AWS PrivateLink endpoints to different regions that depend on your Sumo Logic deployment. If you're using the VPC in a different region where the Sumo Logic PrivateLink endpoint service is set up, you need to set up VPC peering. Either way, you need to create an endpoint.

DeploymentCollection EndpointAWS Region of Sumo PrivateLink Endpoint Service
AUhttps://collectors.au.sumologic.comap-southeast-2
CAhttps://collectors.ca.sumologic.comca-central-1
DEhttps://collectors.de.sumologic.comeu-central-1
EUhttps://collectors.eu.sumologic.com
https://endpoint1.collection.eu.sumologic.com		eu-west-1
FEDhttps://collectors.fed.sumologic.comus-east-1
INhttps://collectors.in.sumologic.comap-south-1
JPhttps://collectors.jp.sumologic.comap-northeast-1
US1https://collectors.sumologic.com
https://endpoint1.collection.sumologic.com
https://endpoint2.collection.sumologic.com
https://endpoint3.collection.sumologic.com
https://endpoint4.collection.sumologic.com
https://endpoint5.collection.sumologic.com		us-east-1
US2https://collectors.us2.sumologic.com
https://endpoint1.collection.us2.sumologic.com
https://endpoint2.collection.us2.sumologic.com
https://endpoint3.collection.us2.sumologic.com
https://endpoint4.collection.us2.sumologic.com
https://endpoint5.collection.us2.sumologic.com
https://endpoint6.collection.us2.sumologic.com
https://endpoint7.collection.us2.sumologic.com
https://endpoint8.collection.us2.sumologic.com
https://endpoint9.collection.us2.sumologic.com		us-west-2

Create an endpoint to connect with the Sumo Logic endpoint service

  • The service name is provided by Sumo Logic and will accept the endpoint connection request once we know you initiated the connection.

  • Select the VPC where the Sumo Logic collector will be installed or where HTTP requests will be made for HTTP Sources.

    CreateEndpoint

No VPC Peering

If the VPC is in the same AWS region as your deployment, you do not need to set up VPC peering. Navigate to Actions, then select Modify private DNS name.

Endpoint

Check the box to enable private DNS names.

DnsCheckpoint

VPC Peering

If the VPC is not in the same AWS region as your deployment, you'll need to set up VPC peering.

  1. Create the VPC peering connection between the region for the client-side VPC and the region where the Sumo Logic PrivateLink service is configured.
  2. Create a Route53 private hosted zone. Select the VPC peered in the region where our server-side region is located.
  3. With the created private hosted zone, add an A record. Select the peered VPC in region us-west-2, where the Sumo Logic server-side infrastructure is located.
    QuickRecord
  4. Add the other peered VPC in the other region into the Route53-hosted zone.
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.