You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: deploy-manage/security/network-security-policies.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@ Policies operate on the platform proxies. Requests rejected by the policies are
18
18
19
19
## Logic
20
20
21
-
- You can assign multiple policies to a single deployment. The policies can be of different types. In case of multiple policies, traffic can match any associated policy to be forwarded to the resource. If none of the policies match, the request is rejected with `403 Forbidden`.
21
+
- You can apply multiple policies to a single deployment. The policies can be of different types. In case of multiple policies, traffic can match any associated policy to be forwarded to the resource. If none of the policies match, the request is rejected with `403 Forbidden`.
22
22
- Policies, when associated with a deployment or project, will apply to all endpoints, such as {{es}}, {{kib}}, APM Server, and others.
23
23
- Any policy assigned to a deployment overrides the default behavior of *allow all access over the public internet endpoint*. The implication is that if you make a mistake putting in the traffic source (for example, if you specified the wrong IP address) the deployment will be effectively locked down to any of your traffic. You can use the UI to adjust or remove the policies.
24
24
- You can [mark a policy as default](#default-network-security-policies). Default policies are automatically attached to all new resources of the matching resource type that you create in its region.
@@ -32,26 +32,26 @@ Policies operate on the platform proxies. Requests rejected by the policies are
32
32
33
33
## Default network security policies
34
34
35
-
You can mark a policy as default. Default policies are automatically attached to all new resources of the matching resource type that you create in its region.
35
+
You can apply a policy by default. Default policies are automatically attached to all new resources of the matching resource type that you create in its region.
36
36
37
-
You can detach default policies from resources after they are created. Default policies are not automatically attached to existing resources.
37
+
You can remove default policies from resources after they are created. Default policies are not automatically associated with existing resources.
38
38
39
39
### Apply policies to new resources by default
40
40
41
-
To automatically apply a network security policy to new resources by default new deployments or projects in your organization:
41
+
To automatically apply a network security policy to new resources in your organization by default:
42
42
43
43
:::{include} _snippets/network-security-page.md
44
44
:::
45
45
4. Select **Create** to create a new policy, or select **Edit** {icon}`pencil` to open an existing policy.
46
-
5. Under **Apply to future resources by default**, select **Include by default**.
46
+
5. Under **Apply to resources (optional)**, check the **Apply to future resources by default** box.
47
47
48
48
### Identify default policies
49
49
50
50
To identify which network security policies are automatically applied to new deployments or projects in your organization:
51
51
52
52
:::{include} _snippets/network-security-page.md
53
53
:::
54
-
4.Select each of the policies. **Include by default**is checked when a policy is automatically applied to all new deployments or projects in its region.
54
+
4.In the **Network security** page, the **Default** value is "Yes" when a policy is automatically applied to all new deployments or projects in its region.
55
55
56
56
## Review the policies associated with a resource
57
57
@@ -63,15 +63,15 @@ To identify the network security policies that are applied to your deployment or
63
63
2. On the **Serverless projects** page, select your project.
64
64
3. Select the **Network security** tab on the left-hand side menu bar.
65
65
66
-
Network security policies are listed on the page. From this page, you can view and remove existing policies and attach new policies.
66
+
Network security policies are listed on the page. From this page, you can view and remove existing policies and apply new policies.
67
67
68
68
:::
69
69
:::{tab-item} Hosted
70
70
1. Log in to the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body).
71
71
2. On the **Hosted deployments** page, select your deployment.
72
72
3. Select the **Security** tab on the left-hand side menu bar.
73
73
74
-
Network security policies are listed under **Network security**. From this section, you can view and remove existing policies and attach new policies.
74
+
Network security policies are listed under **Network security**. From this section, you can view and remove existing policies and apply new policies.
75
75
:::
76
76
::::
77
77
@@ -107,4 +107,4 @@ Requests rejected by a network security policy have the status code `403 Forbidd
107
107
108
108
```json
109
109
{"ok":false,"message":"Forbidden due to traffic filtering. Please see the Elastic documentation on Traffic Filtering for more information."}
0 commit comments