This limited release feature allows you to send logs and metric data to New Relic’s FedRAMP-authorized AWS Fed Cell environment (authorized by FedRAMP PMO November 30, 2020). To send logs and metrics to this environment, you must update the endpoints used by our Log API and Metric API.
Important
This feature is in limited release. For questions, email product manager James Stuckey at jstuckey@newrelic.com.
Requirements and disclosure
Requirements and limitations include:
- Metric data requirements:
- Data sent via Metric API or via integrations that use it
- Prometheus remote write not supported
- Log data requirements:
- Logs sent via Log API or via integrations that use it
- AWS Kinesis Firehose not supported
- Static IPs are not supported
Important
Disclosure: Participation in and use of this limited release feature is subject to the New Relic Pre-release Policy and agreeing to New Relic’s Pre-release agreement. The current list of FedRAMP authorized Products offered by New Relic is set forth within the Documentation. By electing to access and use Pre-release Services, such as this limited release feature, Customer acknowledges that an authorized official of the agency or organization indicated acknowledgement of the FedRAMP authorization status of the Pre-release Services and Customer acknowledges that Customer will use those products in a manner consistent with Customer’s own security requirements
FedRAMP endpoints
Logs and dimensional metric data are sent to New Relic via our Metric API and Log API endpoints either directly, by making an HTTPS request to the API, or indirectly by using an integration, a Telemetry SDK, or log forwarder. In order to send metric or log data to our FedRAMP-authorized environment, you must replace the standard Metric API and Log API endpoint with the corresponding FedRAMP-compliant endpoint:
- Dimensional metrics:
- Replace references to
https://metric-api.newrelic.com/metric/v1withhttps://gov-metric-api.newrelic.com/metric/v1
- Replace references to
- Logs:
- Replace references to
https://log-api.newrelic.com/log/v1withhttps://gov-log-api.newrelic.com/log/v1
- Replace references to
Unless you are sending the data directly to the API via HTTPS, the way you configure things will vary depending on the specific New Relic mechanism you are using. Here are tips on where you will need to make this configuration change:
Logs
Below are instructions showing where to reconfigure the default Log API endpoint with our FedRAMP-compliant endpoint for some of our logging tools.
- AWS Firelens: Add the
endpointproperty to theoptionsfield of thelogConfiguration, similar to to the EU account endpoint change shown in these Firelens endpoint configuration instructions. - Fluentbit: Use our Fluentbit endpoint configuration.
- Infrastructure agent: Not yet available.
- Kubernetes: Our Kubernetes integration logs are based on fluentbit’s output plugin. Use these endpoint instructions.
- Fluentd: Use our Fluentd endpoint instructions.
- Logstash: Use our Logstash endpoint configuration.
- S3: Not yet available.
- Vector: Not yet available.
Log API: Use the Log API endpoint configuration.
Telemetry SDKs:
- Java: configure an
endpointin theLogBatchSendersection shown in this example. - Python: edit the
HOST = "log-api.newrelic.com"configuration.
Metrics
Below are instructions showing where to reconfigure the default Metric API endpoint with our FedRAMP-compliant endpoint for various metric-reporting tools.
- Dropwizard: use the
overrideUriconfiguration. - Kamon: use the
metric-ingest-urlconfiguration. See Override endpoints. - Micrometer: override the
public String uri()method on yourNewRelicRegistryConfigto return the new endpoint. See an example.
Here are instructions for our Telemetry SDKs that report metric data:
- Go: use the
MetricsURLOverrideconfiguration. - Java: in the
MetricBatchSendersection, configure the endpoint. See an example. - .NET: use the
MetricUrlOverrideconfiguration. - Node.js: edit the
METRIC_HOST = 'metric-api.newrelic.com'configuration. - Python: edit the
HOST = "metric-api.newrelic.com"configuration.
For more help
For information on other FedRAMP-compliant endpoints or how to configure New Relic agents for FedRAMP see FedRAMP-compliant endpoints.