diff --git a/content/en/agent/guide/private-link.md b/content/en/agent/guide/private-link.md index 712ebc03bd5..ab6aaa2eda6 100644 --- a/content/en/agent/guide/private-link.md +++ b/content/en/agent/guide/private-link.md @@ -52,7 +52,7 @@ Datadog exposes AWS PrivateLink endpoints in **{{< region-param key="aws_region" {{< img src="agent/guide/private_link/vpc_service_name.png" alt="VPC service name" style="width:70%;" >}} -{{% site-region region="us,ap1" %}} +{{% site-region region="ap1" %}} | Datadog | PrivateLink service name | Private DNS name | |---------------------------|----------------------------------------------------------------------------------------|------------------------------------------------------------------------| | Logs (Agent HTTP intake) | {{< region-param key="aws_private_link_logs_agent_service_name" code="true" >}} | {{< region-param key="agent_http_endpoint_private_link" code="true" >}} | @@ -66,6 +66,9 @@ Datadog exposes AWS PrivateLink endpoints in **{{< region-param key="aws_region" | Database Monitoring | {{< region-param key="aws_private_link_dbm_service_name" code="true" >}} | {{< region-param key="dbm_endpoint_private_link" code="true" >}} | | Remote Configuration | {{< region-param key="aws_private_link_remote_config_service_name" code="true" >}} | {{< region-param key="remote_config_endpoint_private_link" code="true" >}} | {{% /site-region %}} +{{% site-region region="us" %}} +For the complete list of US1 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). +{{% /site-region %}} {{% site-region region="ap2" %}} For the complete list of AP2 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). {{% /site-region %}} @@ -137,7 +140,7 @@ After the endpoint status is updated to {{< ui >}}Available{{< /ui >}}, you can ## PrivateLink service names -{{% site-region region="us,ap1" %}} +{{% site-region region="ap1" %}} | Datadog | PrivateLink service name | Private DNS name | |---------------------------|----------------------------------------------------------------------------------------|------------------------------------------------------------------------| | Logs (Agent HTTP intake) | {{< region-param key="aws_private_link_logs_agent_service_name" code="true" >}} | {{< region-param key="agent_http_endpoint_private_link" code="true" >}} | @@ -151,6 +154,9 @@ After the endpoint status is updated to {{< ui >}}Available{{< /ui >}}, you can | Database Monitoring | {{< region-param key="aws_private_link_dbm_service_name" code="true" >}} | {{< region-param key="dbm_endpoint_private_link" code="true" >}} | | Remote Configuration | {{< region-param key="aws_private_link_remote_config_service_name" code="true" >}} | {{< region-param key="remote_config_endpoint_private_link" code="true" >}} | {{% /site-region %}} +{{% site-region region="us" %}} +For the complete list of US1 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). +{{% /site-region %}} {{% site-region region="ap2" %}} For the complete list of AP2 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). {{% /site-region %}} @@ -171,7 +177,7 @@ For the complete list of AP2 DNS records and VPC service endpoints, see [VPC End {{< img src="agent/guide/private_link/vpc_service_name.png" alt="VPC service name" style="width:90%;" >}} -{{% site-region region="us,ap1" %}} +{{% site-region region="ap1" %}} | Datadog | PrivateLink service name | |---------------------------|----------------------------------------------------------------------------------------| | Logs (Agent HTTP intake) | {{< region-param key="aws_private_link_logs_agent_service_name" code="true" >}} | @@ -185,6 +191,9 @@ For the complete list of AP2 DNS records and VPC service endpoints, see [VPC End | Database Monitoring | {{< region-param key="aws_private_link_dbm_service_name" code="true" >}} | | Remote Configuration | {{< region-param key="aws_private_link_remote_config_service_name" code="true" >}} | {{% /site-region %}} +{{% site-region region="us" %}} +For the complete list of US1 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). +{{% /site-region %}} {{% site-region region="ap2" %}} For the complete list of AP2 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). {{% /site-region %}} @@ -215,7 +224,7 @@ For the complete list of AP2 DNS records and VPC service endpoints, see [VPC End Use the list below to map service and DNS name to different parts of Datadog: -{{% site-region region="us,ap1" %}} +{{% site-region region="ap1" %}} | Datadog | PrivateLink service name | Private DNS name | |---------------------------|----------------------------------------------------------------------------------------|------------------------------------------------------------------------| | Logs (Agent HTTP intake) | {{< region-param key="aws_private_link_logs_agent_service_name" code="true" >}} | {{< region-param key="agent_http_endpoint_private_link" code="true" >}} | @@ -229,6 +238,9 @@ Use the list below to map service and DNS name to different parts of Datadog: | Database Monitoring | {{< region-param key="aws_private_link_dbm_service_name" code="true" >}} | {{< region-param key="dbm_endpoint_private_link" code="true" >}} | | Remote Configuration | {{< region-param key="aws_private_link_remote_config_service_name" code="true" >}} | {{< region-param key="remote_config_endpoint_private_link" code="true" >}} | {{% /site-region %}} +{{% site-region region="us" %}} +For the complete list of US1 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). +{{% /site-region %}} {{% site-region region="ap2" %}} For the complete list of AP2 DNS records and VPC service endpoints, see [VPC Endpoint Service IDs](#vpc-endpoint-service-ids). {{% /site-region %}} @@ -323,6 +335,56 @@ The VPCs with Private Hosted Zone (PHZ) attached need to have a couple of settin [16]: /agent/logs/?tab=tailexistingfiles#send-logs-over-https [17]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html +{{% site-region region="us" %}} +## VPC Endpoint Service IDs + +US1 uses a two-level DNS architecture for PrivateLink. Every customer-facing DNS record maps to a dedicated `color.intake.datadoghq.com` VPC endpoint address. Setting up a VPC endpoint for a given anchor address covers all customer-facing records that map to it. + +Use the following table to identify which VPC endpoints to set up for the Datadog features you use. Wildcard entries match any subdomain not otherwise listed. + +| Name | Anchor | VPC Endpoint Service ID | +|---|---|---| +| `webhook-intake.datadoghq.com` | `azure.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-02bee2072b5c3c226` | +| `webhooks-http-intake.logs.datadoghq.com` | `azure.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-02bee2072b5c3c226` | +| `*.integrations.otlp.datadoghq.com` | `brown.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-00192e92115cbcc75` | +| `opamp.datadoghq.com` | `brown.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-00192e92115cbcc75` | +| `otlp.datadoghq.com` | `brown.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-00192e92115cbcc75` | +| `mcp.datadoghq.com` | `cornsilk.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-058a75ceea85a9175` | +| `agenthealth-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `ci-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `cicodescan-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `citestcov-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `citestcycle-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `cloudplatform-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `contimage-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `contlcycle-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `cws-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `debugger-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `error-tracking-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `event-management-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `event-platform-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `feed-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `instrumentation-telemetry-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `kubeops-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `llmobs-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `ndm-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `ndmflow-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `netpath-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `ocimetrics-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `resources-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `sbom-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `sds-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `sentry-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `snmp-traps-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `softinv-intake.datadoghq.com` | `cyan.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0b3292e3efce2a445` | +| `iam-rum-intake.datadoghq.com` | `gray.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0a3b2d86676122d8d` | +| `rum-http-intake.logs.datadoghq.com` | `gray.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0a3b2d86676122d8d` | +| `rum.browser-intake-datadoghq.com` | `gray.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-0a3b2d86676122d8d` | +| `network-devices.datadoghq.com` | `olive.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-05e3bfec4501e714d` | +| `*.synthetics.datadoghq.com` | `orchid.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-07895350fd0109264` | +| `api.datadoghq.com` | `orchid.intake.datadoghq.com` | `com.amazonaws.vpce.us-east-1.vpce-svc-07895350fd0109264` | +{{% /site-region %}} + {{% site-region region="ap2" %}} ## VPC Endpoint Service IDs