Private connectivity
Private connectivity is a secure way for your Elastic Cloud deployments and projects to communicate with other cloud provider services over your cloud provider's private network. You can create a virtual private connection (VPC) using your provider's private link service, and then manage it in Elastic Cloud using a private connection policy. You can also optionally filter traffic to your deployments and projects by creating ingress filters for your VPC in Elastic Cloud.
Serverless Observability and Security projects must belong to a specific feature tier to apply private connection policies:
- Observability: Observability Complete
- Security: Security Analytics Complete
Private connection policies are a type of network security policy.
The following organization-level roles are required to manage network security policies through the Elastic Cloud Console. For more information about roles and scoping, refer to User roles and privileges.
Elastic Cloud Hosted deployments:
| Action | Required role |
|---|---|
| View network security policies | Any organization member |
| Create a network security policy | Organization owner, or Admin or Editor on at least one Hosted deployment |
| Edit or delete a network security policy | Organization owner, or Admin or Editor on at least one Hosted deployment |
| Mark a network security policy to apply to new deployments by default | Organization owner, or Admin or Editor scoped to all Hosted deployments |
| Associate or disassociate a network security policy with a specific deployment | Admin or Editor on that deployment |
Elastic Cloud Serverless projects:
| Action | Required role |
|---|---|
| View network security policies | Any organization member |
| Create a network security policy | Organization owner, or Admin or Editor on at least one project |
| Edit or delete a network security policy | Organization owner, or Admin or Editor on at least one project |
| Mark a network security policy to apply to new projects by default | Organization owner, or Admin or Editor scoped to all Elasticsearch, Observability, and Security projects |
| Associate or disassociate a network security policy with a specific project | Admin or Editor on that project |
Choose the relevant option for your cloud service provider:
| Cloud service provider | Service | Applicable deployment types |
|---|---|---|
| AWS | AWS PrivateLink | Elastic Cloud Hosted, Serverless |
| Azure | Azure Private Link | Elastic Cloud Hosted |
| GCP | GCP Private Service Connect | Elastic Cloud Hosted |
For private connections created for Elastic Cloud Hosted deployments, after you set up your private connection, you can claim ownership of your private connection ID to prevent other organizations from using it.
To learn how private connection policies work, how they affect your deployment or project, and how they interact with IP filter policies, refer to Network security policies in Elastic Cloud.
Elastic Cloud Hosted and Elastic Cloud Serverless also support IP filters. You can apply both IP filters and private connections to a single Elastic Cloud resource.
Private connection policies were formerly referred to as PrivateLink traffic filters.