fix

Author: shainaraskas

deploy-manage/_snippets/ecloud-security.md

@@ -3,7 +3,7 @@
 In both {{ech}} amd {{serverless-full}}, you can also configure [IP filtering network security policies](/deploy-manage/security/ip-filtering-cloud.md) to prevent unauthorized access to your deployments and projects.
 
 In {{ech}}, you can augment these security features in the following ways:
-* [Configure private connections and apply VCPE filtering](/deploy-manage/security/traffic-filtering.md) to establish a secure connection for your {{ecloud}} deployments to communicate with other cloud services, and restrict traffic to deployments based on those private connections.
+* [Configure private connectivity and apply VCPE filtering](/deploy-manage/security/traffic-filtering.md) to establish a secure connection for your {{ecloud}} deployments to communicate with other cloud services, and restrict traffic to deployments based on those private connections.
 * Encrypt your deployment with a [customer-managed encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md).
 * [Secure your settings](/deploy-manage/security/secure-settings.md) using {{es}} and {{kib}} keystores.
 * Use the list of [{{ecloud}} static IPs](/deploy-manage/security/elastic-cloud-static-ips.md) to allow or restrict communications in your infrastructure.

deploy-manage/security/_snippets/cluster-communication-network.md

@@ -3,5 +3,5 @@
   * **The transport layer**: Used mainly for inter-node communications, and in certain cases for cluster to cluster communication.
   * In self-managed {{es}} clusters, you can also [Configure {{kib}} and {{es}} to use mutual TLS](/deploy-manage/security/kibana-es-mutual-tls.md).
 * [Enable cipher suites for stronger encryption](/deploy-manage/security/enabling-cipher-suites-for-stronger-encryption.md): The TLS and SSL protocols use a cipher suite that determines the strength of encryption used to protect the data. You may want to enable the use of additional cipher suites, so you can use different cipher suites for your TLS communications or communications with authentication providers.
-* [Secure your network using IP filtering and private connections](/deploy-manage/security/traffic-filtering.md): Network security allows you to limit how your deployments can be accessed. Add another layer of security to your installation and deployments by restricting inbound traffic to only the sources that you trust. Restrict access based on IP addresses or CIDR ranges, or, in {{ech}} deployments, secure connectivity through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect.
+* [Secure your network using IP filtering and private connectivity](/deploy-manage/security/traffic-filtering.md): Network security allows you to limit how your deployments can be accessed. Add another layer of security to your installation and deployments by restricting inbound traffic to only the sources that you trust. Restrict access based on IP addresses or CIDR ranges, or, in {{ech}} deployments, secure connectivity through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect.
 * [Allow or deny {{ech}} IP ranges](/deploy-manage/security/elastic-cloud-static-ips.md): {{ecloud}} publishes a list of IP addresses used by its {{ech}} services for both incoming and outgoing traffic. Users can use these lists to configure their network firewalls as needed to allow or restrict traffic related to {{ech}} services.

deploy-manage/security/_snippets/cluster-comparison.md

@@ -20,7 +20,7 @@ Select your deployment type below to see what's available and how implementation
 | **Communication** | TLS (HTTP layer) | Fully managed | Automatically configured by Elastic |
 | | TLS (Transport layer) | Fully managed | Automatically configured by Elastic |
 | **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
-| | Private connections and VPC filtering | Configurable | [Establish a secure VPC connection](/deploy-manage/security/private-link-traffic-filters.md) |
+| | Private connectivity and VPC filtering | Configurable | [Establish a secure VPC connection](/deploy-manage/security/private-link-traffic-filters.md) |
 | | Kubernetes network policies | N/A |  |
 | **Data** | Encryption at rest | Managed | You can [bring your own encryption key](/deploy-manage/security/encrypt-deployment-with-customer-managed-encryption-key.md) |
 | | Secure settings | Configurable | [Configure secure settings](/deploy-manage/security/secure-settings.md) |
@@ -37,7 +37,7 @@ Select your deployment type below to see what's available and how implementation
 | **Communication** | TLS (HTTP layer) | Fully managed | Automatically configured by Elastic |
 | | TLS (Transport layer) | Fully managed | Automatically configured by Elastic |
 | **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
-| | Private connections and VPC filtering | N/A |  |
+| | Private connectivity and VPC filtering | N/A |  |
 | | Kubernetes network policies | N/A |  |
 | **Data** | Encryption at rest | Fully managed | Automatically encrypted by Elastic |
 | | Secure settings | N/A |  |
@@ -54,7 +54,7 @@ Select your deployment type below to see what's available and how implementation
 | **Communication** | TLS (HTTP layer) | Managed | You can [configure custom certificates](/deploy-manage/security/secure-your-elastic-cloud-enterprise-installation/manage-security-certificates.md) |
 | | TLS (Transport layer) | Fully managed | Automatically configured by Elastic |
 | **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-cloud.md) |
-| | Private connections and VPC filtering | N/A |  |
+| | Private connectivity and VPC filtering | N/A |  |
 | | Kubernetes network policies | N/A |  |
 | **Data** | Encryption at rest | N/A |  |
 | | Secure settings | Configurable | [Configure secure settings](/deploy-manage/security/secure-settings.md) |
@@ -71,7 +71,7 @@ Select your deployment type below to see what's available and how implementation
 | **Communication** | TLS (HTTP layer) | Managed | [Multiple options](/deploy-manage/security/k8s-https-settings.md) for customization |
 | | TLS (Transport layer) | Managed | [Multiple options](/deploy-manage/security/k8s-transport-settings.md) for customization |
 | **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-basic.md) |
-| | Private connections and VPC filtering | N/A |  |
+| | Private connectivity and VPC filtering | N/A |  |
 | | Kubernetes network policies | Configurable | [Apply network policies to your Pods](/deploy-manage/security/k8s-network-policies.md) |
 | **Data** | Encryption at rest | N/A |  |
 | | Secure settings | Configurable | [Configure secure settings](/deploy-manage/security/k8s-secure-settings.md) |
@@ -89,7 +89,7 @@ Select your deployment type below to see what's available and how implementation
 | **Communication** | TLS (HTTP layer) | Configurable | Can be automatically or manually configured. See [Initial security setup](/deploy-manage/security/self-setup.md) |
 | | TLS (Transport layer) | Configurable | Can be automatically or manually configured. See [Initial security setup](/deploy-manage/security/self-setup.md) |
 | **Network** | IP filtering | Configurable | [Configure IP-based access restrictions](/deploy-manage/security/ip-filtering-basic.md) |
-| | Private connections and VPC filtering | N/A |  |
+| | Private connectivity and VPC filtering | N/A |  |
 | | Kubernetes network policies | N/A |  |
 | **Data** | Encryption at rest | N/A |  |
 | | Keystore security | Configurable | [Configure secure settings](/deploy-manage/security/secure-settings.md) |

deploy-manage/security/_snippets/remove-filter.md

@@ -1,4 +1 @@
-If you want to remove any traffic restrictions from a deployment or delete a rule set, you’ll need to remove any rule set associations first. To remove an association through the UI:
-
-1. Go to the deployment.
-2. On the **Security** page, under **Traffic filters** select **Remove**.
+% no longer used

deploy-manage/security/aws-privatelink-traffic-filters.md

@@ -15,7 +15,7 @@ sub:
   example-default-dn: "us-east-1.aws.elastic-cloud.com"
 ---
 
-# AWS PrivateLink private connections
+# AWS PrivateLink private connectivity
 
 You can use AWS PrivateLink to establish a secure connection for your {{ecloud}} deployments to communicate with other AWS services. AWS routes the PrivateLink traffic within the AWS data center and never exposes it to the public internet.
 
@@ -225,7 +225,7 @@ Creating a private connection policy and associating it with your deployments al
 Follow these high-level steps to add a private connection policy that can be associated with your deployments.
 
 1. Optional: [Find your VPC endpoint ID](#ec-find-your-endpoint).
-2. [Create rules using the VPC endpoint](#ec-create-traffic-filter-private-link-rule-set).
+2. [Create a private connection policy using the VPC endpoint](#ec-create-traffic-filter-private-link-rule-set).
 3. [Associate the VPC endpoint with your deployment](#ec-associate-traffic-filter-private-link-rule-set).
 
 ### Optional: Find your VPC endpoint ID [ec-find-your-endpoint]
@@ -266,7 +266,7 @@ Create a new private connection policy.
 13. Optional: Under **Apply to resources**, associate the new private connection policy with one or more deployments. If you specified a VPCE filter, then after you associate the filter with a deployment, it starts filtering traffic.
 14. To automatically attach this private connection policy to new deployments, select **Apply by default**.
 15.  Click **Create**.
-16. (Optional) You can [claim your VPC endpoint ID](/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md), so that no other organization is able to use it in a traffic filter ruleset.
+16. (Optional) You can [claim your VPC endpoint ID](/deploy-manage/security/claim-traffic-filter-link-id-ownership-through-api.md), so that no other organization is able to use it in a private connection policy.
 
 The next step is to [associate the policy](#ec-associate-traffic-filter-private-link-rule-set) with your deployment.
 

deploy-manage/security/azure-private-link-traffic-filters.md

@@ -15,7 +15,7 @@ sub:
   example-default-dn: "eastus2.azure.elastic-cloud.com"
 ---
 
-# Azure Private Link private connections
+# Azure Private Link private connectivity
 
 You can use Azure Private Link to establish a secure connection for your {{ecloud}} deployments to communicate with other Azure services. Azure routes the Private Link traffic within the Azure data center and never exposes it to the public internet.
 
@@ -67,11 +67,11 @@ The process of setting up the private connection with Azure Private link is spli
 
 | Azure portal | {{ecloud}} |
 | --- | --- |
-| 1. [Create a private endpoint using {{ecloud}} service alias.](#ec-private-link-azure-dns) |  |
+| 1. [Create a private endpoint using {{ecloud}} service alias](#ec-private-link-azure-dns). |  |
 | 2. [Create a DNS record pointing to the private endpoint](#ec-private-link-azure-dns). |  |
-|  | 3. [Create a private connection policy.](#ec-azure-allow-traffic-from-link-id) |
-|  | 4. [Associate the Azure Private Link rule set with your deployments](#ec-associate-traffic-filter-private-link-rule-set). |
-|  | 5. [Interact with your deployments over Private Link.](#ec-azure-access-the-deployment-over-private-link) |
+|  | 3. [Create a private connection policy](#ec-azure-allow-traffic-from-link-id). |
+|  | 4. [Associate the Azure private connection policy with your deployments](#ec-associate-traffic-filter-private-link-rule-set). |
+|  | 5. [Interact with your deployments over Private Link](#ec-azure-access-the-deployment-over-private-link). |
 
 
 ### Create your private endpoint and DNS entries in Azure [ec-private-link-azure-dns]

deploy-manage/security/gcp-private-service-connect-traffic-filters.md

@@ -16,7 +16,7 @@ sub:
   example-default-dn: "us-central1.gcp.cloud.es.io"
 ---
 
-# GCP Private Service Connect private connections
+# GCP Private Service Connect private connectivity
 
 You can use GCP Private Service Connect to establish a secure connection for your {{ecloud}} deployments to communicate with other GCP services. GCP routes the Private Link traffic within the GCP data center and never exposes it to the public internet.
 

deploy-manage/security/ip-filtering-cloud.md

@@ -8,7 +8,7 @@ applies_to:
   deployment:
     ess: ga
     ece: ga
-    serverless: ga
+  serverless: ga
 products:
   - id: cloud-hosted
   - id: cloud-serverless
@@ -39,7 +39,7 @@ To learn how to create IP filters for self-managed clusters or {{eck}} deploymen
 
 ## Apply an IP filter to a deployment or project
 
-To apply an IP filter to a deployment or project, you must first create a rule set at the organization or platform level, and then apply the rule set to your deployment.
+To apply an IP filter to a deployment or project, you must first create a policy at the organization or platform level, and then apply the policy to your deployment.
 
 ### Step 1: Create an IP filter policy
 

deploy-manage/security/network-security-policies.md

@@ -28,7 +28,7 @@ Policies operate on the proxy. Requests rejected by the policies are not forward
 - You can have a maximum of 1024 policies per organization and 128 sources in each policy.
 - Policies must be created for a specific resource type. If you want to associate a policy to both hosted deployments and Serverless projects, then you have to create the same policy for each resource types.
 - Policies are bound to a single region, and can be assigned only to deployments or projects in the same region. If you want to associate a policy with resources in multiple regions, then you have to create the same policy in all the regions you want to apply it to.
-- Domain-based filtering rules are not allowed for network security policies, because the original IP is hidden behind the proxy. Only IP-based filtering rules are allowed.
+- Domain-based filtering sources are not allowed for network security policies, because the original IP is hidden behind the proxy. Only IP-based filtering sources are allowed.
 
 ## Default network security policies
 

deploy-manage/security/private-link-traffic-filters.md

@@ -3,15 +3,14 @@ applies_to:
   deployment:
     ess: ga
   serverless: ga
-navigation_title: "Add private connections"
 products:
   - id: cloud-hosted
   - id: cloud-serverless
 ---
 
-# Private connections
+# Private connectivity
 
-A private connection is a secure way for your {{ecloud}} deployments and projects to communicate with other cloud provider services over your cloud provider's private network. You can create a virtual private connection endpoint (VCPE) using your provider's private link service. You can also optionally filter traffic to your deployments and projects by creating ingress filters for your VCPE in {{ecloud}}.
+Private connectivity is a secure way for your {{ecloud}} deployments and projects to communicate with other cloud provider services over your cloud provider's private network. You can create a virtual private connection endpoint (VCPE) using your provider's private link service. You can also optionally filter traffic to your deployments and projects by creating ingress filters for your VCPE in {{ecloud}}.
 
 Choose the relevant option for your cloud service provider:
 
@@ -30,5 +29,5 @@ To learn how private connection policies work, how they affect your deployment,
 :::
 
 :::{note}
-Private connections were formerly referred to as PrivateLink filters.
+Private connection policies were formerly referred to as PrivateLink filters.
 :::