I'm a little confused and was wondering how others are utilizing PrivateLink.
I have some AWS accounts, some with EKS that have OneAgent installed and others with serverless components that are forwarding logs to CloudWatch and then being forwarded via Kinesis Firehose. I have some ActiveGate instances on one of my AWS accounts that are being used by OneAgents on my EKS accounts.
I've been advised that as I start to bring in more and more log and metric data, that my egress fees from AWS will continue to go up because my log/metric data are leaving the AWS Infrastructure and then going back into AWS to the Dynatrace Tenant. And that in order to keep my log/metric data from ever leaving AWS, I need to setup PrivateLink connections. The confusion for me is that the Dynatrace documentation make it seem like I need to have a VPC Endpoint/PrivateLink on each one of my VPCs, even though my resources are connected to my ActiveGate instances.
I'm wondering why can't I just have a PrivateLink/Endpoint setup on my account with the ActiveGates and then all of my AWS accounts are forwarding Dynatrace traffic data to my ActiveGates (assuming that OneAgents exist) and then those are going to Dynatrace via the PrivateLink and therefore never leaving the AWS infrastructure.
Furthermore, I assume that my Kinesis Firehose could also be pointed to stream data through the ActiveGates to Dynatrace, so that again, my traffic never leaves AWS infrastructure, and therefore keep my egress charges down.
Am I understanding this correctly? How are others utilizing PrivateLink?
In your case, where you have ActiveGate instances in one AWS account used by OneAgents on your EKS accounts, the ideal setup would likely involve configuring PrivateLink for these specific VPCs where ActiveGate instances reside. This configuration should enable traffic from OneAgents to reach Dynatrace via the ActiveGates without leaving AWS infrastructure. For your serverless components that forward logs to CloudWatch and then to Dynatrace via Kinesis Firehose, you would need to ensure that the Kinesis Firehose streams are configured to send data to Dynatrace through these PrivateLink-enabled ActiveGates.
Hope it helps.