Elasticsearch Service Private gives you the ease of a hosted offering along with the benefits that come with having a dedicated environment to host your deployments. We provision and manage a virtual private cloud (VPC) for you, with an exclusive set of hosts. You can connect your VPC to the environment, ensuring that the traffic stays within the same cloud provider and isn’t exposed to the public internet. All of the deployments in the environment are available to you with consolidated billing, but you can still isolate teams or users and meter their usage separately.
Elasticsearch Service Private entitles you to Platinum level support and features.
Looking for public Elasticsearch Service? Check it out with a 14-day trial.
To get started with Elasticsearch Service Private:
Contact us to initiate the sign-up process.
Our team will reach out to you to complete the registration process. You can help us help you by including these details:
- Which region you would like us to use to provision your Elasticsearch Service Private environment. This must be the same region as your VPCs, because of an AWS limitation: Private Link is only supported within the same AWS region. If you need support for more than one region, make sure to specify all the regions that you need.
- A general idea of how much capacity you expect to have in that environment. If you don’t have this information handy we can work together to size your environment.
During the sign-up process, we’ll ask for the Amazon account IDs you want to allow access to your environment. Those IDs will be added to the allow-list for your dedicated environment to ensure that only the VPC Endpoints created with those accounts will be permitted to access your deployments.
When the environment is ready, we’ll send you the VPC Endpoint Service name for your Elasticsearch Service Private environment.
To access your dedicated environment, you’ll need to create a new VPC endpoint and associate it with your VPC, which must be in the same AWS region as your Elasticsearch Service Private environment. This is an AWS limitation: AWS Private Link is only supported within the same region.
- From the AWS user console, select the relevant region and add a VPC endpoint to initiate a connection request. For this to be approved, it must be done with an AWS account ID that’s been added to our allow-list.
- When prompted to discover the service, choose Find service by name, enter the Elasticsearch Service Private Endpoint Service name provided by us, and then click Verify.
- Select the VPC you want to use from the list of available VPCs in that region.
- You can select which availability zones you want to enable on the endpoint. For high availability, we recommend using 2 or more availability zones.
- Update the security group associated with the Private Link endpoint to permit outbound traffic to common Elasticsearch Service ports. For example, allow TCP on ports 9243 and 9343, as well as any CIDR ranges for the servers that need access to Elasticsearch Service.
- Click Create endpoint.
You should now see that the new endpoint status is "Available." Save the DNS records as you will need them in the next step to configure a DNS record that resolves to those DNS names.
- In the AWS user console, create a new Route 53 Hosted Zone. Enter "vpce.ENV_ID.elastic-cloud.com." as the domain name, select Private Hosted Zone for Amazon VPC as the type, and associate it with the relevant VPC.
- Click on Create Record Set. Enter "*" as the record name and choose "CNAME - Canonical name" as the type. This is where you will use the saved list of DNS records from the previous section. In the value field, enter the first DNS name that appears in the saved list of DNS names.
- Click Create.
Complete your setup by making sure you can access all of the important parts of your environment.
Log on to the Elasticsearch Service console with the URL and the credentials sent to you by Elastic. The URL looks like
Access the API server at:
You can create deployments as usual.
You can connect to the Elasticsearch cluster in your deployment with this endpoint format:
The URL is also available on the deployment overview page, along with the endpoints for your other Elastic products.
From within your VPC, try to access the Elasticsearch endpoint, or any of the other components, and verify that you can successfully authenticate using the elastic user credentials for the deployment.
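The following check is an added example, not part of the original documentation. Run from a host inside your VPC, it confirms that the deployment hostname resolves only to addresses inside your VPC CIDR blocks (so the private hosted zone and wildcard CNAME are answering) and that ports 9243 and 9343 are reachable. The hostname and CIDR arguments are values you supply, and the script name in the usage comment is hypothetical.

```python
import ipaddress
import socket
import sys

PORTS = (9243, 9343)  # the Elasticsearch Service ports named on this page


def resolve(host):
    """Return the sorted, de-duplicated addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})


def outside_vpc(addresses, vpc_cidrs):
    """Return the addresses that fall outside every VPC CIDR block."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)]


def port_open(address, port, timeout=3.0):
    """True if a TCP connection to address:port succeeds within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def check(host, vpc_cidrs, addresses=None, probe=port_open):
    """Return a list of problems; an empty list means the path is private and open."""
    addresses = resolve(host) if addresses is None else addresses
    problems = [f"{host} resolves to {a}, outside the VPC: the private hosted "
                "zone is not answering this query"
                for a in outside_vpc(addresses, vpc_cidrs)]
    if problems:
        return problems  # never probe addresses that are not the VPC endpoint
    return [f"{a}:{p} unreachable: check the endpoint security group"
            for a in addresses for p in PORTS if not probe(a, p)]


if __name__ == "__main__":
    # Usage: python check_private_path.py HOSTNAME VPC_CIDR [VPC_CIDR ...]
    # HOSTNAME is your deployment's endpoint name, as shown on its overview page.
    found = check(sys.argv[1], sys.argv[2:])
    print("\n".join(found) or "OK: VPC addresses only, ports reachable")
    sys.exit(1 if found else 0)
```

A non-zero exit with an "outside the VPC" message means the name is still being answered by public DNS rather than the private hosted zone, so traffic would not stay on the Private Link path.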