After you have defined your rule sets at the platform level, now you must associate them with deployments. You can apply multiple rule sets to each deployment and manage those associations at the deployment level.
Internal traffic between Kibana instances, APM Servers, and the Elasticsearch clusters is automatically allowed.
You can add IP filtering associations through the UI or the API for deployments at version 5.x or later.
- Log into the Cloud UI.
From the Deployments page, select your deployment.
Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
- From your deployment menu, select Security.
- Click Apply rule set and then select the sets that you want.
- If the deployment had an existing Kibana instance, you must restart it.
All other traffic is now blocked.
Manage the IP filtering associations for deployments at version 2.4.6 through the API.
Get the rule set ID:
Get the cluster ID from the string at the end of the deployment page URL or use the API:
curl -X GET -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/clusters/elasticsearch
Associate the rule set by running:
You can remove a rule set association from a deployment use the UI or API. When all sets are gone, the deployment inbound traffic is unrestricted again.
To remove an association through the Cloud UI:
- Go to the deployment.
- On the Security page, under Action simply click the X.
To remove an association through the API:
Identify all rule sets associated with the deployment:
curl -X GET -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/deployments/ip-filtering/associations/cluster/CLUSTER_ID/rulesets
For each rule set, run:
curl -X DELETE -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/deployments/ip-filtering/rulesets/RULE_SET_ID/associations/cluster/CLUSTER_ID
If you want to remove the rule set from the platform, you’ll need remove all associations and then delete it.