From 075a3f3f6fce0758c5dc764dd208d998876669ca Mon Sep 17 00:00:00 2001 From: Bobby Ho Date: Fri, 23 May 2025 10:13:49 -0700 Subject: [PATCH 1/2] add remote cluster traffic filter info in remote-cluster connection page --- deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md | 4 ++++ deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md index 15d0daa701..f3af921438 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md @@ -236,6 +236,10 @@ curl -X GET -H "Authorization: ApiKey $EC_API_KEY" https://api.elastic-cloud.com The response will include just the remote clusters from the same {{ecloud}} organization. In order to obtain the whole list of remote clusters, use {{kib}} or the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) directly. :::: +::::{note} +If traffic filtering is enabled on the remote cluster, the remote cluster administrator must configure a traffic filter of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and traffic filtering](https://www.elastic.co/docs/deploy-manage/remote-clusters/ec-enable-ccs#ec-ccs-ccr-traffic-filtering). +:::: + ## Configure roles and users [ec_configure_roles_and_users_2] diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md index 0ea2815151..0385d9bbef 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md @@ -273,6 +273,10 @@ curl -X GET -H "Authorization: ApiKey $EC_API_KEY" https://api.elastic-cloud.com The response will include just the remote clusters from the same {{ecloud}} organization. In order to obtain the whole list of remote clusters, use {{kib}} or the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) directly. :::: +::::{note} +If traffic filtering is enabled on the remote cluster, the remote cluster administrator must configure a traffic filter of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and traffic filtering](https://www.elastic.co/docs/deploy-manage/remote-clusters/ec-enable-ccs#ec-ccs-ccr-traffic-filtering). +:::: + ## Configure roles and users [ec_configure_roles_and_users] From 306986206f439f4c24762227581a8106583234a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Mon, 26 May 2025 22:42:00 +0200 Subject: [PATCH 2/2] moved traffic filtering note upwards, and added line in parent page --- deploy-manage/remote-clusters/ec-enable-ccs.md | 1 + .../remote-clusters/ec-remote-cluster-other-ess.md | 9 ++++----- .../remote-clusters/ec-remote-cluster-same-ess.md | 9 ++++----- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/deploy-manage/remote-clusters/ec-enable-ccs.md b/deploy-manage/remote-clusters/ec-enable-ccs.md index b0af70be42..66e2724a8e 100644 --- a/deploy-manage/remote-clusters/ec-enable-ccs.md +++ b/deploy-manage/remote-clusters/ec-enable-ccs.md @@ -58,6 +58,7 @@ The steps, information, and authentication method required to configure CCS and Traffic filtering isn’t supported for cross-cluster operations initiated from an {{ece}} environment to a remote {{ech}} deployment. :::: +API key authentication for remote clusters cannot be used in combination with traffic filtering. For remote clusters configured using TLS certificate authentication, [traffic filtering](../security/traffic-filtering.md) can be enabled to restrict access to deployments that are used as a local or remote cluster without any impact to cross-cluster search or cross-cluster replication. diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md index f3af921438..0f3998ff7d 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md @@ -13,6 +13,10 @@ products: This section explains how to configure a deployment to connect remotely to clusters belonging to a different {{ecloud}} organization. +::::{note} +If traffic filtering is enabled on the remote cluster, the remote cluster administrator must configure a traffic filter of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and traffic filtering](/deploy-manage/remote-clusters/ec-enable-ccs.md#ec-ccs-ccr-traffic-filtering). +:::: + ## Allow the remote connection [ec_allow_the_remote_connection_2] Before you start, consider the security model that you would prefer to use for authenticating remote connections between clusters, and follow the corresponding steps. @@ -236,11 +240,6 @@ curl -X GET -H "Authorization: ApiKey $EC_API_KEY" https://api.elastic-cloud.com The response will include just the remote clusters from the same {{ecloud}} organization. In order to obtain the whole list of remote clusters, use {{kib}} or the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) directly. :::: -::::{note} -If traffic filtering is enabled on the remote cluster, the remote cluster administrator must configure a traffic filter of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and traffic filtering](https://www.elastic.co/docs/deploy-manage/remote-clusters/ec-enable-ccs#ec-ccs-ccr-traffic-filtering). -:::: - - ## Configure roles and users [ec_configure_roles_and_users_2] To use a remote cluster for {{ccr}} or {{ccs}}, you need to create user roles with [remote indices privileges](../users-roles/cluster-or-deployment-auth/role-structure.md#roles-remote-indices-priv) on the local cluster. Refer to [Configure roles and users](remote-clusters-api-key.md#remote-clusters-privileges-api-key). \ No newline at end of file diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md index 0385d9bbef..766da7d2c0 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md @@ -13,6 +13,10 @@ products: This section explains how to configure a deployment to connect remotely to clusters belonging to the same {{ecloud}} organization. +::::{note} +If traffic filtering is enabled on the remote cluster, the remote cluster administrator must configure a traffic filter of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and traffic filtering](/deploy-manage/remote-clusters/ec-enable-ccs.md#ec-ccs-ccr-traffic-filtering). +:::: + ## Allow the remote connection [ec_allow_the_remote_connection] Before you start, consider the security model that you would prefer to use for authenticating remote connections between clusters, and follow the corresponding steps. @@ -273,11 +277,6 @@ curl -X GET -H "Authorization: ApiKey $EC_API_KEY" https://api.elastic-cloud.com The response will include just the remote clusters from the same {{ecloud}} organization. In order to obtain the whole list of remote clusters, use {{kib}} or the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) directly. :::: -::::{note} -If traffic filtering is enabled on the remote cluster, the remote cluster administrator must configure a traffic filter of type remote cluster, using either the organization ID or the Elasticsearch cluster ID as the filtering criteria. For detailed instructions, refer to [Remote clusters and traffic filtering](https://www.elastic.co/docs/deploy-manage/remote-clusters/ec-enable-ccs#ec-ccs-ccr-traffic-filtering). -:::: - - ## Configure roles and users [ec_configure_roles_and_users] To use a remote cluster for {{ccr}} or {{ccs}}, you need to create user roles with [remote indices privileges](../users-roles/cluster-or-deployment-auth/role-structure.md#roles-remote-indices-priv) on the local cluster. Refer to [Configure roles and users](remote-clusters-api-key.md#remote-clusters-privileges-api-key).