Trust managementedit

In order to establish a remote connection between two remote clusters, they must both trust each other. Trust is bi-directional: If one of the clusters doesn’t trust the other, the remote connection won’t be established.

Mutual trust between two clusters is required to enable cross-cluster search and cross-cluster replication.

Trust can be configured individually for each deployment.

Default trust behavior in your accountedit

By default, any deployment that you create trusts all other deployments in the same account. You can change this behavior in the Elasticsearch Service Console under Features > Trust, so that when a new deployment is created it does not trust any other deployment. You can choose one of the following options:

  • Trust all my deployments - New deployments will by default trust any other deployment from your account (even deployments that don’t exist when the deployment is created).
  • Trust no deployment - New deployments won’t trust any other deployment when they are created. (This can be changed later in the deployment trust settings)
Trust management at the account Level

Note the following behaviours with this trust setting:

  • Changing the trust settings affects only deployments that you create in the future. The level of trust of existing deployments is not modified by this setting.
  • Deployments created before the Elasticsearch Service February 2021 release trust only themselves. You need to update the trust setting for each deployment that you want to either use as a remote cluster or configure to work with a remote cluster.

Update the trust settings of a deploymentedit

To configure the trust settings for a deployment:

  1. Log in to the Elasticsearch Service Console.
  2. Select your deployment on the home page in the Elasticsearch Service card or go to the deployments page.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  3. From the Security menu, open the Trust Management page.
  4. Choose one of following options to configure the level of trust on each of your deployments:

    • Trust all deployments - This deployment trusts all other deployments in your account, including new deployments when they are created.
    • Trust no deployment - No deployment is trusted.
    • Trust specific deployments - Choose which of the existing deployments in your account to trust.
Trust Management at the Deployment Level