AWS PrivateLink is a networking service provided by Amazon Web Services (AWS) that allows you to securely access services hosted on the AWS cloud over a private network connection. With AWS PrivateLink, you can access Axiom directly from your Amazon Virtual Private Cloud (VPC) without an internet gateway or NAT device, simplifying your network setup.

This page explains how to connect to Axiom over AWS PrivateLink by setting up a VPC endpoint within AWS and configuring Axiom to use that endpoint.

Axiom exposes AWS PrivateLink endpoints in the us-east-1 AWS region. To route traffic from other AWS regions, follow the setup in us-east-1 and then configure Amazon VPC peering.

Setup

  1. Connect the AWS Console to region us-east-1 and create a VPC. For more information, see the AWS documentation.
  2. Start creating a VPC endpoint. For more information, see the AWS documentation.
  3. In Service category, select Other endpoint services.
  4. In Service name, enter com.amazonaws.vpce.us-east-1.vpce-svc-05a64735cdf68866b to establish AWS PrivateLink for api.axiom.co.
  5. Click Verify service. If this does not succeed, reach out to Axiom Support.
  6. Select the VPC and subnets that you want to connect to the Axiom VPC service endpoint. Ensure that Enable DNS name is turned on and the security group accepts inbound traffic on TCP port 443.
  7. Finish the setup and wait for the VPC endpoint to become available. This usually takes 10 minutes.

Configure Amazon VPC Peering

To route traffic to Axiom’s PrivateLink offering in us-east-1 from other AWS regions, use inter-region Amazon VPC peering. Inter-region VPC peering allows you to establish connections between VPCs across different AWS regions. This allows VPC resources in different regions to communicate with each other using private IP addresses.

After following the setup in us-east-1, configure VPC peering to make the PrivateLink endpoint available in another region to send logs to Axiom over PrivateLink. For more information, see the AWS documentation.

When configuring PrivateLink with VPC peering, Amazon Route 53 is useful for resolving private DNS hostnames within your VPCs. Amazon Route 53 allows you to create private hosted zones within your VPC. These private hosted zones allow you to use custom domain names for your resources, such as EC2 instances, ELB load balancers, or RDS instances, without exposing them to the public internet. For more information, see the AWS documentation.