Elastic Cloud Static IPs
editElastic Cloud Static IPs
editElastic Cloud provides a range of static IP addresses that enable you to allow or deny IP ranges. There are two types of static IP addresses, ingress and egress, and they each have their own set of use cases. In general, static IPs can be used to introduce network controls (for example, firewall rules) for traffic that goes to and from Elastic Cloud deployments over the Internet. Use of static IPs is not applicable to private cloud service provider connections (for example, AWS/Azure PrivateLink, GCP Private Service Connect). It is important to note that static IP addresses are subject to change, and not all cloud provider regions are currently fully supported for ingress and egress static IPs.
Ingress Static IPs: Traffic To Elastic Cloud
editSuitable usage of ingress static IPs to introduce network controls:
- All traffic towards Elastic Cloud deployments from the public Internet, your private cloud network over the public Internet, or your on-premises network over the public Internet (e.g. Elasticsearch traffic, Kibana traffic, etc) uses Ingress Static IPs as network destination
Not suitable usage of ingress static IPs to introduce network controls:
- Traffic over private cloud service provider connections (e.g. AWS Privatelink, GCP Private Service Connect, Azure Private Link)
- Traffic to the Cloud Console
- Traffic to non Elastic Cloud websites and services hosted by Elastic (e.g. www.elastic.co)
Egress Static IPs: Traffic From Elastic Cloud
editSuitable usage of egress static IPs to introduce network controls:
- Traffic from Elastic Cloud deployments towards the public Internet, your private cloud network over the public Internet, or your on-premises network over the public Internet (e.g. custom Slack alerts, Email alerts, Kibana alerts, etc.) uses Egress Static IPs as network source
- Cross-cluster replication/cross-cluster search traffic from Elastic Cloud deployments towards on-premises Elastic Cloud Enterprise deployments protected by on-premises firewalls or Elastic Cloud Enterprise traffic filters
Not suitable usage of egress static IPs to introduce network controls:
- Snapshot traffic that stays within the same cloud provider and regional boundaries (e.g. an Elastic Cloud deployment hosted in aws-us-east-1 using an S3 bucket also hosted in aws-us-east-1 as a snapshot repository)
Supported Regions
editAWS
Region |
Ingress Static IPs |
Egress Static IPs |
aws-af-south-1 |
No |
Yes |
aws-ap-east-1 |
No |
Yes |
aws-ap-northeast-1 |
No |
Yes |
aws-ap-northeast-2 |
No |
Yes |
aws-ap-south-1 |
No |
Yes |
aws-ap-southeast-1 |
No |
Yes |
aws-ap-southeast-2 |
No |
Yes |
aws-ca-central-1 |
No |
Yes |
aws-eu-central-1 |
No |
Yes |
aws-eu-north-1 |
Yes |
Yes |
aws-eu-south-1 |
No |
Yes |
aws-eu-west-1 |
No |
Yes |
aws-eu-west-2 |
No |
Yes |
aws-eu-west-3 |
No |
Yes |
aws-me-south |
No |
Yes |
aws-sa-east-1 |
Yes |
Yes |
aws-us-east-1 |
Yes |
Yes |
aws-us-east-2 |
No |
Yes |
aws-us-west-1 |
Yes |
Yes |
aws-us-west-2 |
No |
Yes |
Azure
Region |
Ingress Static IPs |
Egress Static IPs |
azure-australiaeast |
Yes |
Yes |
azure-brazilsouth |
Yes |
Yes |
azure-canadacentral |
Yes |
Yes |
azure-centralindia |
Yes |
Yes |
azure-centralus |
Yes |
Yes |
azure-eastus |
Yes |
Yes |
azure-eastus2 |
Yes |
Yes |
azure-francecentral |
Yes |
Yes |
azure-japaneast |
Yes |
Yes |
azure-northeurope |
Yes |
Yes |
azure-southafricanorth |
Yes |
Yes |
azure-southcentralus |
Yes |
Yes |
azure-southeastasia |
Yes |
Yes |
azure-uksouth |
Yes |
Yes |
azure-westeurope |
Yes |
Yes |
azure-westus2 |
Yes |
Yes |
GCP
Region |
Ingress Static IPs |
Egress Static IPs |
gcp-asia-east1 |
Yes |
No |
gcp-asia-northeast1 |
Yes |
No |
gcp-asia-northeast3 |
Yes |
No |
gcp-asia-south1 |
Yes |
No |
gcp-asia-southeast1 |
Yes |
No |
gcp-asia-southeast2 |
Yes |
No |
gcp-australia-southeast1 |
Yes |
No |
gcp-europe-north1 |
Yes |
No |
gcp-europe-west1 |
Yes |
No |
gcp-europe-west2 |
Yes |
No |
gcp-europe-west3 |
Yes |
No |
gcp-europe-west4 |
Yes |
No |
gcp-europe-west9 |
Yes |
No |
gcp-northamerica-northeast1 |
Yes |
No |
gcp-southamerica-east1 |
Yes |
No |
gcp-us-central1 |
Yes |
No |
gcp-us-east1 |
Yes |
No |
gcp-us-east4 |
Yes |
No |
gcp-us-west1 |
Yes |
No |
gcp-us-west2 |
Yes |
No |
Static IP ranges are subject to change. You will need to update your firewall rules when they change to prevent service disruptions. We will announce changes at least 8 weeks in advance (see example). Please subscribe to the Elastic Cloud Status Page to remain up to date with any changes to the Static IP ranges which you will need to update at your side.
Using Static IPs
editThe Elastic Cloud range of static IPs is formatted as a simple JSON object and can be found at link: https://ips.cld.elstc.co/. Any searching, formatting, or filtering can be done on the client side.
For example:
curl -s https://ips.cld.elstc.co/ | jq '.regions["aws-us-east-1"]'