A question on Traffic filtering

I just wanted to check if my understanding is correct on the traffic filtering

Suppose someone has put in Traffic filtering via two configured filters:

  1. AWS Virtual Private Clouds (VPCs) over AWS PrivateLink filter.
  2. And "allow all" rule set, with the CIDR mask

If both filters are attached to a deployment and then the traffic originates from the linked AWS hosted servers, then the that data will not be travelling over public internet. Right?

Hi @pk.241011

Here are the docs in case you are interested.

On Elastic Cloud when you create and associate and AWS PrivateLink upon proper creation of that Private Link Connection the Elasticsearch endpoints an only be access via the Private Links connection which is directly linked to the Specified VPC Endpoint, and thus all traffic to the Private Link endpoint will be via AWS Internal Network.

If you do add an IP Filter that adds back Public IPs to address that is fine as well and traffic from those IPs will travel the public endpoint and hit the public IP.

With respect to how the Traffic is routed.

If your originating systems uses the VPC Endpoint that is directly linked to the AWS Private Link endpoint which is linked to the the Elastic Cloud Endpoint then by definition the traffic will be via the AWS Network, i.e. not on the public internet if you originating system uses the VPCE / PL

If your originating system uses the Public Endpoint it may (and I say may as AWS has some pretty smart routing) traverse the Public Internet.

There are a set of logstash server sending data to Elastic cloud and these servers are EC2 based in the AWS. I have done all the steps to link that VPC to Elastic cloud.

But after that rest of the logstash servers which are running on the company provided VM will get denied sending data. Hence the need to provide the IP filtering too.

And finally Kibana became inaccessable too. So I went to providing an allow all IP filtering string.

Now I am wondering if there is a way to check which way the data sent by EC2 servers is coming through.

The logstash servers in my EC2 have the Elasticsearch end point in the hosts part of the configuration.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.