A newer version is available. For the latest information, see the current release documentation.
Elastic Docs Elastic Cloud Enterprise Reference [3.1] Administering deployments Traffic Filtering
« IP traffic filters Connect to your cluster »

Manage traffic filtering through the APIedit

This example demonstrates how to use the Elastic Cloud Enterprise RESTful API to manage different types of traffic filters. We cover the following examples:

Read through the main Traffic Filtering page to learn about the general concepts behind filtering access to your Elastic Cloud Enterprise deployments.

Create a traffic filter rule setedit

IP traffic filter ingress rule setedit

Send a request like the following to create an IP traffic filter ingress rule set:

curl \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets \
-d '
{
  "name": "My IP filtering Ingress Rule Set",
  "region": "ece-region",
  "description": "",
  "type": "ip",
  "rules": [
    {
      "description": "Allow inbound traffic from IP address 192.168.131.0",
      "source": "192.168.131.0"
    },
    {
      "description": "Allow inbound traffic within CIDR block 192.168.132.6/22",
      "source": "192.168.132.6/22"
    }
  ],
  "include_by_default": false
}
'

If the request is successful, a response containing a $RULESET_ID is returned. $RULESET_ID is required to update or delete the rule set itself, or it can be used to associate the rule set to a deployment.

{
  "id" : "5470a0010ebf437bb9294ea9fcba0ba0"
}

Update a traffic filter rule setedit

Send a request like the following to update an IP traffic filter ingress rule set:

curl -XPUT \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID \
-d '
{
  "name": "My IP filtering Ingress Rule Set",
  "region": "ece-region",
  "description": "",
  "type": "ip",
  "rules": [
    {
      "description": "Allow inbound traffic from IP address 192.168.131.0",
      "source": "192.168.131.0"
    },
    {
      "description": "Allow inbound traffic within CIDR block 192.168.132.6/22",
      "source": "192.168.132.6/22"
    }
  ],
  "include_by_default": true
}
'

Associate a rule set with a deploymentedit

Send a request like the following to associate a rule set with a deployment:

curl -XPOST \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID/associations \
-d '
{
   "entity_type" : "deployment",
   "id" : "'"$DEPLOYMENT_ID"'"
}
'

Delete a rule set association with a deploymentedit

Send a request like the following to delete a rule set association with a deployment:

curl -XDELETE \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID/associations/deployment/$DEPLOYMENT_ID \

Delete a traffic filter rule setedit

Send a request like the following to delete a traffic filter rule set:

curl -XDELETE \
-H "Authorization: ApiKey $API_KEY" \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID \
« IP traffic filters Connect to your cluster »