Using service endpoints to privately connect to IBM Cloud Logs Routing
To ensure that you have enhanced control and security over your data when you use IBM Cloud Logs Routing, you have the option of using private routes to IBM Cloud® service endpoints. Private routes are not accessible or reachable over the internet. By using the IBM Cloud private service endpoints feature, you can protect your data from threats from the public network and logically extend your private network.
Before you begin
You can connect to IBM Cloud Logs Routing over a private network by using IBM Cloud private service endpoints (CSE). For more information about CSEs, see the documentation for using service endpoints.
-
When you use the classic infrastructure, you connect to resources in your account over the IBM Cloud public network by default. You can enable virtual routing and forwarding (VRF) to move IP routing for your account and all of its resources into a separate routing table. If VRF is enabled, you can then enable IBM Cloud service endpoints to connect directly to resources without using the public network. Enabling VRF and service endpoints.
-
Virtual Private Clouds (VPCs) are automatically enabled for virtual routing and forwarding (VRF). To enable service endpoints for your VPC, continue to Enabling service endpoints.
You must first enable virtual routing and forwarding in your account, and then, you can enable the use of IBM Cloud private service endpoints.
Check if the account is VRF enabled
To check whether the account is VRF enabled, run the following command:
ibmcloud account show
Enable VRF in the account
To enable private endpoints, run the following command:
ibmcloud account update --service-endpoint-enable true
Setting up service endpoints for IBM Cloud Logs Routing
You can connect to IBM Cloud Logs Routing management API by using either a public endpoint or a private endpoint. A public endpoint can be reached over the internet, whereas a private endpoint can be accessed only from within the IBM Cloud private network.
The ingestion API supports only private endpoints and is therefore not accessible from the public internet.
By default, private and public endpoints are enabled. For more information about supported endpoints, see Endpoints.
Disabling public service endpoints for IBM Cloud Logs Routing
You cannot disable public endpoints.
Disabling private service endpoints
You cannot disable private endpoints.