
Enabling AWS PrivateLink


If you have services running on AWS, you can connect directly to Gremlin’s Control Plane to keep network traffic contained within the AWS network. This is made possible by AWS PrivateLink, which seamlessly connects your AWS VPC endpoint(s) to Gremlin’s. This lets you use Gremlin without having to transmit data over the public Internet, allowing for greater security. 

Prerequisites

Before connecting to PrivateLink, you’ll need the following:

  1. A Virtual Private Cloud (VPC) with a subnet in the us-west-2 region and DNS hostnames and DNS resolution enabled. Alternatively, you can use VPC peering, Transit Gateways, or a similar method to send traffic through the us-west-2 region to Gremlin. Currently, Gremlin only has a PrivateLink endpoint in the us-west-2 region.
  2. One allocated private IP address for each subnet you own in the us-west-2 region.

Additionally, you’ll need to communicate with your Gremlin account executive about connecting to PrivateLink. PrivateLink connections are authorized on a per-account basis.

Configuring PrivateLink

Before you can establish a PrivateLink connection, you’ll need to have your account whitelisted by the Gremlin team. Please communicate with your Gremlin account executive about connecting to PrivateLink, and be prepared to provide your AWS account number.

Once your account has been whitelisted:

  1. Log into the AWS Console.
  2. Navigate to VPC, then Endpoints.
  3. Click Create Endpoint.
  4. Enter a Name, such as “GremlinPrivateLink.”
  5. Under Service category, select AWS Marketplace services.
  6. Under Services, select com.amazonaws.vpce.us-west-2.vpce-svc-03ebdd6baa028729d.
  7. Under VPC, select the VPC, subnets, and security groups in which to create the endpoint interfaces.
  8. Click Create endpoint.

Once the endpoint is created, it will enter a Pending state. From here, the connection will need to be activated by the Gremlin infrastructure team. To request approval, please contact your Gremlin account executive and let them know you’ve requested the connection. You’ll need your AWS account number. Once the infrastructure team has approved the request, your endpoint’s status will change to Available.

Resolving the Gremlin API to a private IP address

To resolve api.gremlin.com to a private IP address within the VPC, you’ll need to enable private DNS names:

  1. Open your VPC in the AWS console.
  2. Under Actions, select Modify private DNS name.
  3. Check Enable for this endpoint.
  4. Click Save changes.

Validating the connection

To verify that your VPC is connected, log in to an instance connected to the VPC and run curl -v https://api.gremlin.com/v1. If you have successfully configured the private endpoint, cURL will resolve api.gremlin.com to the IP address of the endpoint interface, and you should receive a 401 error message.
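The same validation as a script, as an added example that is not Gremlin's own tooling: it resolves api.gremlin.com, checks that every returned address falls inside the VPC, and expects HTTP 401 from a request sent without credentials. The VPC CIDR 10.0.0.0/16 is an assumption to replace with your own, and the function names are hypothetical.

```python
import http.client
import ipaddress
import socket

API_HOST = "api.gremlin.com"  # hostname from the page
VPC_CIDRS = ["10.0.0.0/16"]   # assumption: replace with your VPC CIDR block(s)


def classify(addresses, vpc_cidrs):
    """Split resolved addresses into (inside the VPC, outside the VPC)."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    inside, outside = [], []
    for addr in sorted(set(addresses)):
        ip = ipaddress.ip_address(addr)
        hit = any(ip.version == n.version and ip in n for n in nets)
        (inside if hit else outside).append(addr)
    return inside, outside


def verdict(addresses, status, vpc_cidrs):
    """Turn a DNS answer plus an HTTP status (None = no connection) into a result."""
    if not addresses:
        return "FAIL: name did not resolve"
    inside, outside = classify(addresses, vpc_cidrs)
    if outside:
        return "FAIL: resolves outside the VPC, private DNS not in effect: " + ", ".join(outside)
    if status is None:
        return "FAIL: private address but no connection, check routes and port 443 rules"
    if status != 401:
        return f"FAIL: expected HTTP 401 without credentials, got {status}"
    return "OK: private endpoint in use: " + ", ".join(inside)


def probe(host=API_HOST, path="/v1", timeout=5):
    """Live check: resolve the host, then send one unauthenticated GET over TLS."""
    try:
        addrs = [i[4][0] for i in socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)]
    except socket.gaierror:
        return [], None
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout)
    try:
        conn.request("GET", path)
        return addrs, conn.getresponse().status
    except OSError:
        return addrs, None
    finally:
        conn.close()

if __name__ == "__main__":
    print(verdict(*probe(), VPC_CIDRS))
```

Run it from an instance inside the VPC; a result reporting an address outside the VPC means the name is still resolving to the public endpoint.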

Troubleshooting

I can’t connect to the Gremlin API after configuring the interface.

The most common causes of this problem are the VPC routing table, the security groups attached to the endpoint, or both. Ensure that you’ve configured the VPC to allow traffic to flow from your instances to the endpoint interface, and that your security groups allow traffic over port 443.

PrivateLink is having an outage and now I can’t use Gremlin. What can I do?

You can temporarily reconnect to Gremlin’s public API endpoint by disabling Private DNS Name on your VPC endpoint. Once PrivateLink is available again, re-enable this option.
