Introducing Elastic Serverless Plus add-on with AWS PrivateLink capability

For industries like financial services, healthcare, and government, control over the network path is essential. PrivateLink for Serverless, included in the Elastic Serverless Plus add-on, enables you to seamlessly integrate Elastic Cloud Serverless into your private network architecture.

With AWS PrivateLink support, you establish a private, unidirectional connection between your virtual private cloud (VPC) and your Elastic Cloud Serverless projects.

Why this matters for your enterprise:

• Zero Trust Architecture: Enforce strict access controls by ensuring your Serverless project only accepts traffic from specific, authorized VPC endpoints.

• Data isolation: Keep your traffic entirely within the AWS backbone. Your sensitive data never traverses the public internet, simplifying compliance with standards like SOC 2, HIPAA, and PCI-DSS.

• Native AWS integration: Use standard AWS networking constructs you already know, making integration with your existing security tools and topology effortless.

Beyond security, direct private connectivity offers significant operational advantages. By routing traffic through AWS PrivateLink rather than the public internet, you treat your Elastic deployments like local resources within your VPC.

• Cost efficiency: Significantly reduce your cloud provider data transfer costs by avoiding AWS NAT Gateway processing fees for high-volume log or vector data.

• Consistent latency: Benefit from the stability and speed of the AWS private network, ensuring deterministic performance for your search and observability applications.

The Elastic Serverless Plus add-on is designed to provide advanced enterprise capabilities, ensuring your serverless deployments can scale with your organizational complexity.

Available now:

• AWS PrivateLink: Secure, private connectivity

• IP filtering: Granular access control over public connectivity

Available later:

• Cross-project search (CPS): Connect and search other serverless projects within the same solution (e.g., search other Serverless Observability projects)

• Multicloud network security: We are expanding private connectivity support to Azure and Google Cloud in the near future.

• Encryption at rest with customer-managed keys (a.k.a. BYOK): Enhance data protection capabilities.

Setting up a private connection is designed to be streamlined with the rest of our serverless experience:

1. Create an endpoint: In your AWS console, create a VPC Endpoint for the Elastic Cloud service.

2. Define the policy: In the Elastic Cloud console under the new Network security section, create a Private connection.

3. Authorize: Provide your VPC endpoint ID to authorize the connection.

4. Connect: Associate the policy with your project. Your traffic now flows securely over the PrivateLink.

Elastic Serverless Plus features, starting with AWS PrivateLink and IP filtering, are available to all Serverless customers completely free during our introductory promotional period.

This allows you to validate the new connectivity options in your environment immediately.

As of today, Elastic Serverless Plus is available in the Observability Complete and Security Analytics Complete tiers at no additional charge. In Elasticsearch Serverless, the add-on is optional and, following the conclusion of the promotional period, will include an upcharge of 10% on your bill depending on the project's consumption. Exact pricing details will be available soon. You will be given upfront notice of metering changes and pricing implications on your bill. This pricing model ensures that the cost of these premium features scales logically alongside your usage.

Log in to the Elastic Cloud console and navigate to Network security to get started, or check out our detailed implementation guide.