Whitelisting own cloud elasticsearch instance IP

For one our deployments we've created a traffic filter via https://cloud.elastic.co/deployment-features/traffic-filters that whitelists our VPN IP addresses.

This works as expected, I can only access elasticsearch/kibana when I'm connected to my company's VPN, however recently we've tried implementing a watcher that notifies us when the cluster is unhealthy.

It seems that the watcher is prevented from hitting the healthcheck endpoint, we get a 403 error which is due to the traffic filtering rules, I assume because we've not whitelisted the elastic instance IP address?

I've tested this theory by deleting the traffic filter from our deployment, which gets rid of the 403 errors, however this is not ideal as we need to keep the whitelisted IPs filter.

My question is, is there a way of getting around this 403 error? am I able to whitelist the elasticsearch instance that is making the healthcheck requests? if so, how do I obtain the correct list of IPs to whitelist

PUT _xpack/watcher/watch/cluster_health_watch
  "trigger" : {
    "schedule" : { "interval" : "10s" }
  "input" : {
    "http" : {
      "request" : {
       "scheme": "https",
       "host" : "....eu-west-1.aws.found.io",
       "port" : 9243,
       "path" : "/_cluster/health",
       "auth": {
          "basic": {
            "username": "...",
            "password": "..."
  "actions": {
    "notify-slack": {
      "throttle_period" : "10s",
      "slack" : {
        "message" : {
          "to" : [ "#elasticsearch-alerts-test" ],
          "text" : "Cluster status is {{ctx.payload.status}}"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.