IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« IP traffic filters Connect to your cluster »
Elastic Docs Elastic Cloud Enterprise Reference [2.13] Administering deployments Traffic Filtering

Manage traffic filtering through the API

edit

Manage traffic filtering through the API

edit

This example demonstrates how to use the Elastic Cloud Enterprise RESTful API to manage different types of traffic filters. We cover the following examples:

Read through the main Traffic Filtering page to learn about the general concepts behind filtering access to your Elastic Cloud Enterprise deployments.

Create a traffic filter rule set

edit
IP traffic filter ingress rule set
edit

Send a request like the following to create an IP traffic filter ingress rule set:

curl \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets \
-d '
{
  "name": "My IP filtering Ingress Rule Set",
  "region": "ece-region",
  "description": "",
  "type": "ip",
  "rules": [
    {
      "description": "Allow inbound traffic from IP address 192.168.131.0",
      "source": "192.168.131.0"
    },
    {
      "description": "Allow inbound traffic within CIDR block 192.168.132.6/22",
      "source": "192.168.132.6/22"
    }
  ],
  "include_by_default": false
}
'

If the request is successful, a response containing a $RULESET_ID is returned. $RULESET_ID is required to update or delete the rule set itself, or it can be used to associate the rule set to a deployment.

{
  "id" : "5470a0010ebf437bb9294ea9fcba0ba0"
}

Update a traffic filter rule set

edit

Send a request like the following to update an IP traffic filter ingress rule set:

curl -XPUT \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID \
-d '
{
  "name": "My IP filtering Ingress Rule Set",
  "region": "ece-region",
  "description": "",
  "type": "ip",
  "rules": [
    {
      "description": "Allow inbound traffic from IP address 192.168.131.0",
      "source": "192.168.131.0"
    },
    {
      "description": "Allow inbound traffic within CIDR block 192.168.132.6/22",
      "source": "192.168.132.6/22"
    }
  ],
  "include_by_default": true
}
'

Associate a rule set with a deployment

edit

Send a request like the following to associate a rule set with a deployment:

curl -XPOST \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID/associations \
-d '
{
   "entity_type" : "deployment",
   "id" : "$DEPLOYMENT_ID"
}
'

Delete a rule set association with a deployment

edit

Send a request like the following to delete a rule set association with a deployment:

curl -XDELETE \
-H "Authorization: ApiKey $API_KEY" \
-H 'content-type: application/json' \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID/associations/deployment/$DEPLOYMENT_ID \

Delete a traffic filter rule set

edit

Send a request like the following to delete a traffic filter rule set:

curl -XDELETE \
-H "Authorization: ApiKey $API_KEY" \
https://$COORDINATOR_HOST:12443/api/v1/deployments/traffic-filter/rulesets/$RULESET_ID \
« IP traffic filters Connect to your cluster »