Filter IP traffic

After you have defined your rule sets at the platform level, you must associate them with deployments. You can apply multiple rule sets to each deployment and manage those associations at the deployment level.

Internal traffic between Kibana instances, APM Servers, and the Elasticsearch clusters is automatically allowed.

Filter traffic for deployments at 5.x or later

You can add IP filtering associations through the UI or the API for deployments at version 5.x or later.

  1. Log in to the Cloud UI.
  2. From the Deployments page, select your deployment.

    Narrow the list by name or ID, or choose from several other filters. To further define the list, use a combination of filters.

  3. From your deployment menu, select Security.
  4. Click Apply rule set and then select the sets that you want.
  5. If the deployment had an existing Kibana instance, you must restart it.

All other traffic is now blocked.

Filter traffic for 2.4.6 deployments

Manage the IP filtering associations for deployments at version 2.4.6 through the API.

  1. Get the rule set ID:

    curl -X GET -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/deployments/ip-filtering/rulesets

    USERNAME:PASSWORD: The admin user credentials

    ECE_HOST: A host that you installed Elastic Cloud Enterprise on that holds the coordinator role, such as a host where you can log into the Cloud UI

  2. Get the cluster ID from the string at the end of the deployment page URL or use the API:

    curl -X GET -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/clusters/elasticsearch

  3. Associate the rule set by running:

    curl -X POST -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/deployments/ip-filtering/rulesets/RULE_SET_ID/associations -H 'content-type: application/json' -d '{
      "entity_type": "cluster",
      "id": "CLUSTER-ID"
    }'

    RULE_SET_ID: The rule set ID returned from step 1

    CLUSTER-ID: The cluster or deployment ID from step 2

Remove an association

You can remove a rule set association from a deployment using the UI or the API. When all sets are gone, the deployment's inbound traffic is unrestricted again.

To remove an association through the Cloud UI:

  1. Go to the deployment.
  2. On the Security page, under Action, click the X.

To remove an association through the API:

  1. Identify all rule sets associated with the deployment:

    curl -X GET -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/deployments/ip-filtering/associations/cluster/CLUSTER_ID/rulesets

  2. For each rule set, run:

    curl -X DELETE -u USERNAME:PASSWORD https://ECE_HOST:12433/api/v1/deployments/ip-filtering/rulesets/RULE_SET_ID/associations/cluster/CLUSTER_ID
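
The two API removal steps above as one script, with a guard for the case where removing the last rule set would leave inbound traffic unrestricted. This is an added example, not Elastic's own code. The function names, the ECE_USER and ECE_PASSWORD environment variables, and the response layout (a top-level "rulesets" array whose entries carry an "id") are assumptions.

```python
import base64
import json
import os
from urllib.parse import quote
from urllib.request import Request

BASE = "/api/v1/deployments/ip-filtering"  # API prefix used on this page


def associated_ruleset_ids(listing_json):
    """Top-level rule set IDs only; nested per-rule "id" fields are skipped."""
    return [rs["id"] for rs in json.loads(listing_json).get("rulesets", [])]


def plan_removals(ece_url, cluster_id, listing_json, user, password,
                  remove=None, allow_unrestricted=False):
    """Build (not send) one DELETE request per association to remove.

    remove=None selects every associated rule set. Removing the last one
    reopens inbound traffic, so that case requires allow_unrestricted=True.
    """
    current = associated_ruleset_ids(listing_json)
    targets = [r for r in current if remove is None or r in remove]
    if targets and set(targets) == set(current) and not allow_unrestricted:
        raise ValueError("removal would leave the deployment with no rule sets")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return [
        Request(
            f"{ece_url}{BASE}/rulesets/{quote(r, safe='')}"
            f"/associations/cluster/{quote(cluster_id, safe='')}",
            method="DELETE",
            headers={"Authorization": f"Basic {token}"},
        )
        for r in targets
    ]


# Constructed sample of the listing response (field layout is an assumption).
SAMPLE_LISTING = json.dumps({"rulesets": [
    {"id": "rs-office", "rules": [{"id": "r1", "source": "192.0.2.0/24"}]},
    {"id": "rs-vpn", "rules": [{"id": "r2", "source": "198.51.100.7"}]},
]})

if __name__ == "__main__":
    # ECE_USER / ECE_PASSWORD are assumed variable names, not ECE settings.
    creds = os.environ.get("ECE_USER", "USERNAME"), os.environ.get("ECE_PASSWORD", "PASSWORD")
    for req in plan_removals("https://ECE_HOST:12433", "CLUSTER_ID",
                             SAMPLE_LISTING, *creds, remove={"rs-vpn"}):
        print(req.get_method(), req.full_url)  # send with urllib.request.urlopen(req)
```

Reading the credentials from the environment keeps them out of shell history and the process list, where `curl -u USERNAME:PASSWORD` would leave them.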

If you want to remove the rule set from the platform, you’ll need to remove all associations and then delete it.