Skip to content

[DO NOT MERGE] Azure: multiple private link case #2840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 4 commits into from
Closed

[DO NOT MERGE] Azure: multiple private link case #2840

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2e6b082
draft
shainaraskas Sep 5, 2025
185cecc
edit edit
shainaraskas Sep 5, 2025
44c6b99
more
shainaraskas Sep 5, 2025
e1dbeb8
Merge branch 'main' into azure-wildcards
shainaraskas Sep 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion deploy-manage/security/private-connectivity-azure.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,22 @@ After you create your private connection policy, you can [edit](#edit-private-co

Refer to the **Azure Private Link Service Alias** column in the [Azure Private Link Service aliases](#ec-private-link-azure-service-aliases) table for the name of the zone. For example, in `eastus2`, use `privatelink.eastus2.azure.elastic-cloud.com` as the zone domain name. Using this zone domain name is required to ensure certificate names match.
2. After creating the private DNS zone, associate the zone with your VNet by creating a [virtual network link](https://learn.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal).
3. Create a DNS A record pointing to the private endpoint. Use `*` as the record name, `A` as the type, and put the private endpoint IP address as the record value.
3. Create a DNS A record pointing to the private endpoint, with the following information:

* **Name**: The Elasticsearch cluster ID of the deployment that you plan to access over private link.

:::{dropdown} Find your cluster ID
1. On the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body) home page, find your deployment and select **Manage**.
2. On the main page for your deployment, find **Applications**.
3. Beside the **Elasticsearch** application, click **Copy cluster ID**.
:::

If you plan to use only one private endpoint in this DNS zone, then you can use a wildcard `*` as the record name.

If you plan to access multiple deployments using the same private link and don't use a wildcard as the record name, then you need to create a DNS A record for each deployment.

* **Type**: `A`
* **Value**: The private endpoint IP address.

Follow the [Azure instructions](https://docs.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal#create-an-additional-dns-record) for details on creating an A record which points to your private endpoint IP address.

Expand Down