How to whitelist cloud endpoint on my office network

Elastic Stack Elasticsearch
1

My beats are having trouble with the connectivity to elastic cloud endpoints

Kibana: https://7e4XXXXXXXXXXXXXXXXX949.us-east-1.aws.found.io:9243
ElasticSearch : https://1049XXXXXXXXXXXXXXXXe3.us-east-1.aws.found.io:9243

In my office network, I have to whitelist outgoing traffic to make these work properly.
But the IPs get changed time to time.
"dig " returns different ip addresses every time,
"ping" does the same.

If i want to white-list these endpoints with "ip addresses" (not the DNS), What is the best option I have?

2

Do you have support?
You should open an Elastic Cloud support ticket.

There is 2 options:
You will have to whitelist the entire us-east-1 region of AWS, that is possible because AWS publishes json files containing all their IPs but you need to parse it and turn that into firewall rules for your FW platform.

Or if Elastic Cloud runs on a subset of AWS IP (reserved) or their own IP (BYOIP) then their support team will be able to give you a list.

I’m not sure the support team for Cloud monitors these forums, thats why I say you should open a support ticket.

3

This is the best option.

4

Thanks @martinr_ubi @warkolm i'll create a support ticket and get this cleared.

5

Anyone in need can refer to this,

https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.