Merge branch 'main' into eck-upgrade-guide

Author: jmikell821

deploy-manage/security/secure-your-elastic-cloud-organization.md

@@ -8,26 +8,32 @@ applies_to:
 
 # Secure your Elastic Cloud organization [ec-securing-considerations]
 
-:::{warning}
-**This page is a work in progress.** 
-:::
+This section covers security settings for your {{ecloud}} organization, the platform for managing {{ech}} deployments and serverless projects.
 
+**Managed by Elastic**
 
-## TLS certificate management
+As a managed service, Elastic automatically handles a [number of security features](https://www.elastic.co/cloud/security#details) with no configuration required:
 
-TLS certificates apply security controls to network communications. They encrypt data in transit, verify the identity of connecting parties, and help prevent man-in-the-middle attacks.
+- **TLS encrypted communication** is provided in the default configuration. Elasticsearch nodes communicate using TLS.
+- **Encryption at rest**. By default, all of your {{ecloud}} resources are encrypted at rest. Note that you can choose to encrypt your {{ech}} deployments [using your own encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md).
+- **Cluster isolation**. Elasticsearch nodes run in isolated containers, configured according to the principle of least privilege, and with restrictions on system calls and allowed root operations.
 
-For your **{{ech}}** deployments and serverless projects hosted on {{ecloud}}, TLS certificates are managed automatically.
+**Additional organization-level security settings**
 
-## Access control
+To reinforce the security of your organization, consider implementing the following measures:
 
-Define which users can access your {{ecloud}} organization using the following methods:
+- **Network security**. Control which systems can access your Elastic deployments and projects through traffic filtering and network controls:
+  - [**IP traffic filtering**](/deploy-manage/security/ip-traffic-filtering.md): Restrict access based on IP addresses or CIDR ranges.
+  - [**Private link filters**](/deploy-manage/security/private-link-traffic-filters.md): Secure connectivity through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect.
+  - [**Static IPs**](/deploy-manage/security/elastic-cloud-static-ips.md): Use static IP addresses for predictable firewall rules. 
+- **Access control**
+  - [**Organization-level SSO**](/deploy-manage/users-roles/cloud-organization/configure-saml-authentication.md). Note that for {{ech}} deployments, you can also configure SSO at the [deployment level](/deploy-manage/users-roles/cluster-or-deployment-auth.md).
+  - [**Cloud role-based access control**](/deploy-manage/users-roles/cloud-organization/manage-users.md): Define the roles of users who have access to your organization and its resources. Note that for {{ech}} deployments, you can also [manage non-cloud users and roles](/deploy-manage/users-roles/cluster-or-deployment-auth/defining-roles.md).
+  - [**Cloud API keys**](/deploy-manage/api-keys/elastic-cloud-api-keys.md): Manage API keys used for programmatic access to [{{ecloud}}](https://www.elastic.co/docs/api/doc/cloud/) and [{{ecloud}} serverless](https://www.elastic.co/docs/api/doc/elastic-cloud-serverless/) APIs.
 
-- [SSO](/deploy-manage/users-roles/cloud-organization/configure-saml-authentication.md)
-- [Role-based access control](/deploy-manage/users-roles/cloud-organization/manage-users.md)
-- [Cloud API keys](/deploy-manage/api-keys/elastic-cloud-api-keys.md)
 
 
-## Next step: secure your deployments and clusters
+**Additional deployment-level security settings**
+
+While serverless projects are fully managed and secured by Elastic, additional security settings are available for you to configure individually for your {{ech}} deployments. Refer to [](secure-your-cluster-deployment.md) for more information.
 
-This section covered security principles and options at the environment level. You can take further measures individually for each deployment or cluster that you're running on this environment. Refer to [](secure-your-cluster-deployment.md).

manage-data/ingest/ingesting-data-from-applications.md

@@ -2,22 +2,12 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud/current/ec-ingest-guides.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-ingest-guides.html
+applies_to:
+  stack: ga
 ---
 
 # Ingesting data from applications
 
-% What needs to be done: Refine
-
-% GitHub issue: docs-projects#387
-
-% Scope notes: The ESS and ECE versions should be identical, but they'll still need to be combined.
-
-% Use migrated content from existing pages that map to this page:
-
-% - [ ] ./raw-migrated-files/cloud/cloud/ec-ingest-guides.md
-% - [ ] ./raw-migrated-files/cloud/cloud-enterprise/ece-ingest-guides.md
-
-
 The following tutorials demonstrate how you can use the Elasticsearch language clients to ingest data from an application into a deployment in {{ech}} or {{ece}}.
 
 [Ingest data with Node.js](ingesting-data-from-applications/ingest-data-with-nodejs-on-elasticsearch-service.md)

manage-data/ingest/ingesting-data-from-applications/ingest-data-from-beats-to-elasticsearch-service-with-logstash-as-proxy.md

@@ -2,61 +2,12 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud/current/ec-getting-started-search-use-cases-beats-logstash.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-getting-started-search-use-cases-beats-logstash.html
+applies_to:
+  stack: ga
 ---
 
 # Ingest data from Beats with Logstash as a proxy
 
-% What needs to be done: Refine
-
-% Scope notes: Merge ESS and ECE versions (should be pretty much identical)
-
-% Use migrated content from existing pages that map to this page:
-
-% - [ ] ./raw-migrated-files/cloud/cloud/ec-getting-started-search-use-cases-beats-logstash.md
-% - [ ] ./raw-migrated-files/cloud/cloud-enterprise/ece-getting-started-search-use-cases-beats-logstash.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$ec-beats-logstash-connect-securely$$$
-
-$$$ec-beats-logstash-elasticsearch$$$
-
-$$$ec-beats-logstash-filebeat$$$
-
-$$$ec-beats-logstash-listen$$$
-
-$$$ec-beats-logstash-logstash$$$
-
-$$$ec-beats-logstash-metricbeat-send$$$
-
-$$$ec-beats-logstash-metricbeat$$$
-
-$$$ec-beats-logstash-stdout$$$
-
-$$$ec-beats-logstash-trial$$$
-
-$$$ec-beats-logstash-view-kibana$$$
-
-$$$ece-beats-logstash-connect-securely$$$
-
-$$$ece-beats-logstash-deployment$$$
-
-$$$ece-beats-logstash-elasticsearch$$$
-
-$$$ece-beats-logstash-filebeat$$$
-
-$$$ece-beats-logstash-listen$$$
-
-$$$ece-beats-logstash-logstash$$$
-
-$$$ece-beats-logstash-metricbeat-send$$$
-
-$$$ece-beats-logstash-metricbeat$$$
-
-$$$ece-beats-logstash-stdout$$$
-
-$$$ece-beats-logstash-view-kibana$$$
-
 This guide explains how to ingest data from Filebeat and Metricbeat to {{ls}} as an intermediary, and then send that data to your {{ech}} or {{ece}} deployment. Using {{ls}} as a proxy limits your Elastic stack traffic through a single, external-facing firewall exception or rule. Consider the following features of this type of setup:
 
 * You can send multiple instances of Beats data through your local network’s demilitarized zone (DMZ) to {{ls}}. {{ls}} then acts as a proxy through your firewall to send the Beats data to your deployment, as shown in the following diagram:

manage-data/ingest/ingesting-data-from-applications/ingest-data-from-relational-database-into-elasticsearch-service.md

@@ -2,44 +2,12 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud/current/ec-getting-started-search-use-cases-db-logstash.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-getting-started-search-use-cases-db-logstash.html
+applies_to:
+  stack: ga
 ---
 
 # Ingest data from a relational database
 
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$ec-db-logstash-connect-securely$$$
-
-$$$ec-db-logstash-database-structure$$$
-
-$$$ec-db-logstash-database$$$
-
-$$$ec-db-logstash-driver$$$
-
-$$$ec-db-logstash-output$$$
-
-$$$ec-db-logstash-pipeline$$$
-
-$$$ec-db-logstash-prerequisites$$$
-
-$$$ec-db-logstash-trial$$$
-
-$$$ece-db-logstash-connect-securely$$$
-
-$$$ece-db-logstash-database-structure$$$
-
-$$$ece-db-logstash-database$$$
-
-$$$ece-db-logstash-deployment$$$
-
-$$$ece-db-logstash-driver$$$
-
-$$$ece-db-logstash-output$$$
-
-$$$ece-db-logstash-pipeline$$$
-
-$$$ece-db-logstash-prerequisites$$$
-
 This guide explains how to ingest data from a relational database into {{ecloud}} through [{{ls}}](logstash://reference/index.md), using the Logstash [JDBC input plugin](logstash://reference/plugins-inputs-jdbc.md). It demonstrates how Logstash can be used to efficiently copy records and to receive updates from a relational database, and then send them into {{es}} in an {{ech}} or {{ece}} deployment.
 
 The code and methods presented here have been tested with MySQL. They should work with other relational databases.

manage-data/ingest/ingesting-data-from-applications/ingest-data-with-nodejs-on-elasticsearch-service.md

@@ -2,6 +2,8 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud/current/ec-getting-started-node-js.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-getting-started-node-js.html
+applies_to:
+  stack: ga
 ---
 
 # Ingest data with Node.js

manage-data/ingest/ingesting-data-from-applications/ingest-data-with-python-on-elasticsearch-service.md

@@ -2,6 +2,8 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud/current/ec-getting-started-python.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-getting-started-python.html
+applies_to:
+  stack: ga
 ---
 
 # Ingest data with Python

manage-data/ingest/ingesting-data-from-applications/ingest-logs-from-nodejs-web-application-using-filebeat.md

@@ -2,53 +2,12 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud/current/ec-getting-started-search-use-cases-node-logs.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-getting-started-search-use-cases-node-logs.html
+applies_to:
+  stack: ga
 ---
 
 # Ingest logs from a Node.js web application using Filebeat
 
-% What needs to be done: Refine
-
-% Scope notes: Merge ESS and ECE versions (should be pretty much identical)
-
-% Use migrated content from existing pages that map to this page:
-
-% - [ ] ./raw-migrated-files/cloud/cloud/ec-getting-started-search-use-cases-node-logs.md
-% - [ ] ./raw-migrated-files/cloud/cloud-enterprise/ece-getting-started-search-use-cases-node-logs.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$ec-node-logs-connect-securely$$$
-
-$$$ec-node-logs-create-request-script$$$
-
-$$$ec-node-logs-create-server-script$$$
-
-$$$ec-node-logs-filebeat$$$
-
-$$$ec-node-logs-prerequisites$$$
-
-$$$ec-node-logs-send-ess$$$
-
-$$$ec-node-logs-trial$$$
-
-$$$ec-node-logs-view-kibana$$$
-
-$$$ece-node-logs-connect-securely$$$
-
-$$$ece-node-logs-create-request-script$$$
-
-$$$ece-node-logs-create-server-script$$$
-
-$$$ece-node-logs-deployment$$$
-
-$$$ece-node-logs-filebeat$$$
-
-$$$ece-node-logs-prerequisites$$$
-
-$$$ece-node-logs-send-ess$$$
-
-$$$ece-node-logs-view-kibana$$$
-
 This guide demonstrates how to ingest logs from a Node.js web application and deliver them securely into an {{ech}} or {{ece}} deployment. You’ll set up Filebeat to monitor a JSON-structured log file that has standard Elastic Common Schema (ECS) formatted fields, and you’ll then view real-time visualizations of the log events in Kibana as requests are made to the Node.js server. While Node.js is used for this example, this approach to monitoring log output is applicable across many client types. Check the list of [available ECS logging plugins](ecs-logging://reference/intro.md#_get_started).
 
 *Time required: 1.5 hours*

manage-data/ingest/ingesting-data-from-applications/ingest-logs-from-python-application-using-filebeat.md

@@ -2,37 +2,12 @@
 mapped_urls:
   - https://www.elastic.co/guide/en/cloud/current/ec-getting-started-search-use-cases-python-logs.html
   - https://www.elastic.co/guide/en/cloud-enterprise/current/ece-getting-started-search-use-cases-python-logs.html
+applies_to:
+  stack: ga
 ---
 
 # Ingest logs from a Python application using Filebeat
 
-% What needs to be done: Refine
-
-% Scope notes: Merge ESS and ECE versions (should be pretty much identical)
-
-% Use migrated content from existing pages that map to this page:
-
-% - [ ] ./raw-migrated-files/cloud/cloud/ec-getting-started-search-use-cases-python-logs.md
-% - [ ] ./raw-migrated-files/cloud/cloud-enterprise/ece-getting-started-search-use-cases-python-logs.md
-
-% Internal links rely on the following IDs being on this page (e.g. as a heading ID, paragraph ID, etc):
-
-$$$ec-python-logs-create-script$$$
-
-$$$ec-python-logs-filebeat$$$
-
-$$$ec-python-logs-send-ess$$$
-
-$$$ec-python-logs-view-kibana$$$
-
-$$$ece-python-logs-create-script$$$
-
-$$$ece-python-logs-filebeat$$$
-
-$$$ece-python-logs-send-ess$$$
-
-$$$ece-python-logs-view-kibana$$$
-
 This guide demonstrates how to ingest logs from a Python application and deliver them securely into an {{ech}} deployment. You’ll set up Filebeat to monitor a JSON-structured log file that has standard Elastic Common Schema (ECS) formatted fields, and you’ll then view real-time visualizations of the log events in {{kib}} as they occur. While Python is used for this example, this approach to monitoring log output is applicable across many client types. Check the list of [available ECS logging plugins](ecs-logging://reference/intro.md).
 
 *Time required: 1 hour*