AWS PrivateLink integration

AWS PrivateLink is a networking service that provides private connectivity between your VPCs, AWS services, and on-premises applications without exposing traffic to the public internet. Traffic reaches the target service through interface VPC endpoints inside your virtual network, which keeps communication secure and scalable.

Site24x7’s integration for AWS PrivateLink helps you maintain secure and reliable private networking within your AWS environment.

Overview

Site24x7's AWS PrivateLink monitoring brings deep observability into your private network infrastructure in the cloud. Once integrated, Site24x7 discovers all your VPC Endpoints and VPC Endpoint Services and creates dedicated monitors for each.

  • VPC Endpoint monitor: Monitors the health, status, and network interface details of interface and gateway endpoints used to privately connect your VPC to supported AWS services.
  • VPC Endpoint Services monitor: Tracks the availability and configuration of services exposed over PrivateLink, allowing you to ensure optimal service delivery and secure access control for consumers.

Use cases

Let's explore a couple of use cases where the alert features of Site24x7's VPC Endpoint and VPC Endpoint Services monitors help organizations improve performance and productivity.

  • Consider an enterprise running a mission-critical application within a private VPC that relies on secure connectivity to AWS services like S3 and DynamoDB via interface VPC endpoints. One day, an unexpected configuration change disables the DNS resolution for one of the VPC endpoints, resulting in API failures and service disruptions.
    With Site24x7’s VPC Endpoint monitor, the issue is immediately detected through continuous polling of the endpoint status. An alert is triggered when the endpoint changes to a trouble or critical state, which helps the operations team to resolve the DNS configuration swiftly. This proactive detection and alerting help the business to maintain application uptime and reduce mean time to recovery (MTTR).
  • A SaaS provider hosts a PrivateLink-enabled application and exposes it to multiple customer VPCs using VPC Endpoint Services. Each customer creates a VPC endpoint that connects to this service. During a new customer onboarding, one of the endpoints remains on hold due to a missed manual approval. Without visibility, this could go unnoticed, delaying customer activation and support SLAs.
    With Site24x7’s VPC Endpoint Services monitor, the team receives an alert for the pending endpoint request, along with details like requester ID and VPC. This enables immediate approval and customer onboarding within the SLA window. Site24x7 also helps track usage across all availability zones and accounts, giving the provider a clear inventory of who’s consuming their service, along with real-time connection statuses.
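The two use cases above come down to classifying endpoint and connection state. The following added example (not Site24x7 code) shows that classification over constructed records whose field names follow EC2's DescribeVpcEndpoints and DescribeVpcEndpointConnections responses; the endpoint, service and account IDs are invented, and the private-DNS rule is a deliberate simplification.

```python
"""Classify PrivateLink endpoint and endpoint-service connection states into alert
severities. Added example, not Site24x7 code; field names follow EC2's
DescribeVpcEndpoints / DescribeVpcEndpointConnections responses, values are constructed."""
from __future__ import annotations
from dataclasses import dataclass
# Not yet serving traffic (trouble) vs. will not recover on its own (critical).
TROUBLE_STATES = {"pending", "pendingAcceptance"}
CRITICAL_STATES = {"rejected", "failed", "expired", "deleting", "deleted"}

@dataclass(frozen=True)
class Alert:
    severity: str  # "trouble" or "critical"
    resource: str  # endpoint id or endpoint service id
    reason: str

def check_endpoint(ep: dict) -> list[Alert]:
    """Alerts for one consumer-side VPC endpoint record."""
    alerts, eid, state = [], ep["VpcEndpointId"], ep["State"]
    if state in CRITICAL_STATES:
        alerts.append(Alert("critical", eid, f"endpoint state is {state}"))
    elif state in TROUBLE_STATES:
        alerts.append(Alert("trouble", eid, f"endpoint state is {state}"))
    # Use case 1: the endpoint stays 'available' after private DNS is turned off, yet
    # callers break. Simplification: setups using endpoint-specific DNS names would exempt those.
    if ep.get("VpcEndpointType") == "Interface" and not ep.get("PrivateDnsEnabled", False):
        alerts.append(Alert("trouble", eid, "private DNS is disabled"))
    return alerts

def check_service_connections(service_id: str, conns: list[dict]) -> list[Alert]:
    """Alerts for the provider-side connection requests to one endpoint service."""
    alerts = []
    for c in (c for c in conns if c["ServiceId"] == service_id):
        state, who = c["VpcEndpointState"], f"{c['VpcEndpointId']} from account {c['VpcEndpointOwner']}"
        if state == "pendingAcceptance":  # use case 2: a missed manual approval
            alerts.append(Alert("trouble", service_id, f"connection {who} awaits approval"))
        elif state in CRITICAL_STATES:
            alerts.append(Alert("critical", service_id, f"connection {who} is {state}"))
    return alerts

SAMPLE_ENDPOINTS = [  # constructed
    {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": True},
    {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": False},
]
SAMPLE_CONNECTIONS = [  # constructed
    {"ServiceId": "vpce-svc-0111", "VpcEndpointId": "vpce-0ddd", "VpcEndpointOwner": "111111111111", "VpcEndpointState": "available"},
    {"ServiceId": "vpce-svc-0111", "VpcEndpointId": "vpce-0eee", "VpcEndpointOwner": "222222222222", "VpcEndpointState": "pendingAcceptance"},
]
def run_demo() -> list[Alert]:
    alerts = [a for ep in SAMPLE_ENDPOINTS for a in check_endpoint(ep)]
    return alerts + check_service_connections("vpce-svc-0111", SAMPLE_CONNECTIONS)
```

Running run_demo() on the constructed inventory yields exactly the two trouble alerts the use cases describe: the endpoint whose private DNS was disabled and the connection request that is still awaiting approval.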

Benefits of the integration between Site24x7 and AWS PrivateLink

Integrate your AWS PrivateLink resources with Site24x7 to leverage the following benefits:

  • Comprehensive visibility: Automatically discover and monitor all VPC Endpoints and VPC Endpoint Services in your AWS account.
  • Secure monitoring: Get insights into your private traffic pathways without exposing sensitive data over the public internet.
  • In-depth metrics: View state, status messages, associated network interfaces, service names, acceptance states, and more.
  • Proactive alerts: Get notified about endpoint failures, rejected service connections, or misconfigured services.
  • Inventory management: Track endpoint proliferation across regions and services from a single console.

Setup and configuration

  • If you have not done so already, enable access to your AWS resources by creating a cross-account IAM role between your AWS account and Site24x7's AWS account.
  • On the Integrate AWS Account page, ensure VPC PrivateLinks is selected in the Services to be discovered field.

Permissions

Ensure that the IAM role assumed by Site24x7 grants each of the following permissions to monitor VPC Endpoints and VPC Endpoint Services. None of these actions allows Site24x7 to modify your endpoints or endpoint services: ec2:Describe* is read-only, and the logs:* actions cover querying CloudWatch Logs.

  • "ec2:Describe*"
  • "logs:Start*"
  • "logs:Get*"
  • "logs:Describe*"

Polling frequency

The metric data for VPC Endpoint and VPC Endpoint Service monitoring is collected at a default poll frequency of five minutes.

Supported metrics

The supported metrics for the monitors are provided below.

VPC Endpoint monitor

Metric name | Description | Statistics | Unit
Active Connections | The number of concurrent active connections. | Average, Maximum, and Minimum | Count
Bytes Processed | The number of bytes exchanged between endpoints and endpoint services, aggregated in both directions. | Average, Sum, Maximum, and Minimum | Count
New Connections | The number of new connections established through the endpoint. | Average, Sum, Maximum, and Minimum | Count
Packets Dropped | The number of packets dropped by the endpoint. | Average, Sum, and Maximum | Count
RstPackets Received | The number of RST (Reset) packets received by the endpoint. | Average, Sum, and Maximum | Count

VPC Endpoint Service monitor

Metric name | Description | Statistics | Unit
Active Connections | The maximum number of active connections from clients to targets through the endpoints. | Average and Maximum | Count
Bytes Processed | The number of bytes exchanged between endpoint services and endpoints, in both directions. | Average, Sum, and Maximum | Count
Endpoints Count | The number of endpoints connected to the endpoint service. | Average and Maximum | Count
New Connections | The number of new connections established from clients to targets through the endpoints. | Average, Sum, and Maximum | Count
RstPackets Sent | The number of RST packets sent to endpoints by the endpoint service. | Average, Sum, and Maximum | Count

Threshold configuration

To configure thresholds for your integrated monitor:

  1. Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
  2. Click Add Threshold Profile.
  3. Select the applicable monitor type from the Monitor Type drop-down menu. The applicable monitor types are VPC Endpoint and VPC Endpoint Services.
  4. Provide an appropriate name in the Display Name field.
  5. The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics mentioned above.
  6. Click Save.

Licensing

Licensing details about the various monitors are provided here:

  • Each Subnet monitor is a free monitor.
  • Each VPC Endpoint Service monitor is considered a basic monitor.
  • For the VPC Endpoint monitor, five monitors utilize one basic monitor license.

To view the VPC Endpoint monitor:

  • From the Site24x7 console, navigate to Cloud > AWS > VPC Endpoint.

To view the VPC Endpoint Service monitor:

  • From the Site24x7 console, navigate to Cloud > AWS > VPC Endpoint Service.

Monitor data

The monitor data for each AWS PrivateLink monitor is given below.

VPC Endpoint

You can view the Endpoint monitor data on the following tabs:

Summary

The Summary tab displays the number of child monitors and their detailed view in the form of a chart or a table.

Subnets

Obtain the Subnet monitor's data along with the configured metrics data from the Subnets tab.

Configuration

View the configuration information of VPC Endpoint monitors, such as Region, Endpoint ID, Status, and Endpoint Type in the Configuration tab.

Outages

The Outages tab provides details on an outage's start time, end time, duration, and comments, if any.

Inventory

Obtain details like Resource Name, Region, and Monitor Licensing Category from the Inventory tab. You can also set and view the Threshold and Availability Profile and the Notification Profile for this monitor in this tab.

Log Report

This tab provides a consolidated report of the VPC Endpoint monitor's log status, which can be downloaded as a CSV file.

Alert Logs

This tab displays a chronological list of all triggered alerts related to the VPC Endpoint monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.

VPC Endpoint Service

You can view the Endpoint Services monitor data on the following tabs:

Summary

The Summary tab displays the number of child monitors and their detailed view in the form of a chart or a table.

Endpoint Connections

The Endpoint Connections tab provides details such as Endpoint Connections Availability and the list of Endpoint Connections associated with the monitor. Click the desired monitor name to obtain the VPC Endpoint monitor details.

Configuration

View the configuration information of VPC Endpoint Service monitors, such as Region, Service ID, Status, and Service Type in the Configuration tab.

Allowed Principals

The Allowed Principals tab lists the AWS principals (typically AWS accounts or IAM roles) that are permitted to create a connection to your PrivateLink-enabled service. You can obtain the following details from this tab:

  • Name: A user-defined label or identifier for the principal.
  • ID: The Amazon Resource Name (ARN) of the allowed principal, such as an AWS account root or IAM entity.
  • Type: Indicates the type of principal (for example, Account, Role, Service).
  • Service Permission ID: A unique identifier for the permission granted to the principal, used to track and manage access.

This tab helps you easily view and audit who is authorized to consume your VPC Endpoint Service, ensuring secure and controlled access to your PrivateLink resources. Any unauthorized access attempts or misconfigurations can be quickly spotted and addressed.
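The audit this tab supports can also be scripted. The following added example (not Site24x7 code) compares an endpoint service's allowed principals against an approved list of consumer accounts and flags the wildcard principal "*", which in PrivateLink permits any AWS account to request a connection; the records are constructed dicts shaped like EC2's DescribeVpcEndpointServicePermissions output, and every account ID and permission ID is invented.

```python
"""Audit an endpoint service's allowed principals against an approved allowlist.
Added example, not Site24x7 code; records are constructed dicts shaped like EC2's
DescribeVpcEndpointServicePermissions output."""
from __future__ import annotations
import re

# Account id inside an IAM ARN, e.g. arn:aws:iam::123456789012:root
_ARN_ACCOUNT = re.compile(r"^arn:aws:iam::(\d{12}):")

def principal_account(principal: str) -> str | None:
    """Return the 12-digit account id of an ARN principal, or None for '*' or malformed input."""
    m = _ARN_ACCOUNT.match(principal)
    return m.group(1) if m else None

def audit_allowed_principals(principals: list[dict], approved_accounts: set[str]) -> dict:
    """Sort allowed principals into findings a reviewer would act on."""
    findings: dict[str, list[str]] = {"wildcard": [], "unapproved": [], "ok": []}
    for p in principals:
        principal = p["Principal"]
        if principal == "*":
            # '*' lets any AWS account request a connection to this service
            findings["wildcard"].append(principal)
        elif principal_account(principal) in approved_accounts:
            findings["ok"].append(principal)
        else:
            findings["unapproved"].append(principal)
    return findings

SAMPLE_PERMISSIONS = [  # constructed
    {"Principal": "arn:aws:iam::111111111111:root", "PrincipalType": "Account", "ServicePermissionId": "vpce-svc-perm-0aaa"},
    {"Principal": "arn:aws:iam::222222222222:role/consumer", "PrincipalType": "Role", "ServicePermissionId": "vpce-svc-perm-0bbb"},
    {"Principal": "arn:aws:iam::333333333333:root", "PrincipalType": "Account", "ServicePermissionId": "vpce-svc-perm-0ccc"},
    {"Principal": "*", "PrincipalType": "All", "ServicePermissionId": "vpce-svc-perm-0ddd"},
]
APPROVED_ACCOUNTS = {"111111111111", "222222222222"}  # constructed allowlist

def run_demo() -> dict:
    return audit_allowed_principals(SAMPLE_PERMISSIONS, APPROVED_ACCOUNTS)
```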

Notifications

The Notifications tab displays the list of configured AWS SNS (Simple Notification Service) topics that are used to receive event-based alerts related to the endpoint service. You can obtain the following details from this tab:

  • Notification ID: A unique identifier for the configured notification rule.
  • Event: The specific PrivateLink event being monitored (for example, Connect, which triggers when a new VPC endpoint attempts to connect to the service).
  • ARN: The Amazon Resource Name of the SNS topic where notifications are published.
  • Status: Indicates whether the notification is currently enabled or disabled.

Contributor Insights

The Contributor Insights tab provides a list of built-in contributor insights rules associated with the VPC Endpoint Service. These rules enable real-time analysis of structured logs to identify top contributors (such as VPC endpoint IDs) to specific types of network activity or anomalies.

Monitored Resources

The Monitored Resources tab displays the backend AWS resources associated with your VPC Endpoint Service that are being monitored by Site24x7. If your endpoint service is integrated with a Load Balancer, it will appear here as a linked and monitored resource. Click the desired Load Balancer monitor name to view the monitor details.

Outages

The Outages tab provides details on an outage's start time, end time, duration, and comments, if any.

Inventory

Obtain details like Service Name, Region, and Monitor Licensing Category from the Inventory tab. You can also set and view the Threshold and Availability Profile and the Notification Profile for this monitor in this tab.

Log Report

This tab provides a consolidated report of the VPC Endpoint Service monitor's log status, which can be downloaded as a CSV file.

Alert Logs

This tab displays a chronological list of all triggered alerts related to the VPC Endpoint Service monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
