Movatterモバイル変換

[0]ホーム
URL:

Loading
  1. Elastic Docs/
  2. Deploy and manage/
  3. Remote clusters/
  4. On Elastic Cloud Enterprise

Manage trusted environments for remote connections in Elastic Cloud Enterprise

From a deployment'sSecurity page, you can manage trusted environments that were created previously. This can happen when:

By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.

Note

With this method, you can only remove trusted environments relying exclusively on certificates. To remove remote connections that use API keys for authentication, refer toChange a cross-cluster API key used for a remote connection.

  1. Go to the deployment'sSecurity page.

  2. In the list of trusted environments, locate the one you want to remove.

  3. Remove it using the correspondingdelete icon.

    button for deleting a trusted environment

  • Go to theRemote Clusters management page in the navigation menu or use theglobal search field.

  • In the list of existing remote clusters, delete the ones corresponding to the trusted environment you removed earlier.

    1. Go to the deployment'sSecurity page.

    2. In the list of trusted environments, locate the one you want to edit.

    3. Open its details by selecting theEdit icon.

      button for editing a trusted environment

  • Edit the trust configuration for that environment:

    • From theTrust level tab, you can add or remove trusted deployments.
    • From theEnvironment settings tab, you can manage the certificates and the label of the environment.

  • Save your changes.

    • Change a cross-cluster API key used for a remote connection

    This section describes the steps to change the API key used for an existing remote connection. For example, if the previous key expired and you need to rotate it with a new one.

    Note

    If you need to update the permissions granted by a cross-cluster API key for a remote connection, you only need to update the privileges granted by the API key directly in Kibana.

    1. On the deployment you will use as remote, use theElasticsearch API orKibana to create a cross-cluster API key with the appropriate permissions. Configure it with access to the indices you want to use for cross-cluster search or cross-cluster replication.

    2. Copy the encoded key (encoded in the response) to a safe location. You will need it in the next steps.

    3. From the navigation menu of your local deployment, selectSecurity and locate theRemote connections section.

    4. Locate the API key currently used for connecting to the remote cluster, copy its current alias, and delete it.

    5. Add the new API key by selectingAdd API key.

      • For theRemote cluster name, enter the same alias that was used for the previous key.

        Note

        If you use a different alias, you also need to re-create the remote cluster in Kibana with aRemote cluster name that matches the new alias.

      • For theCross-cluster API key, paste the encoded cross-cluster API key, then clickAdd to save the API key to the keystore.

    6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment's main page (named after your deployment's name), locate theActions menu, and selectRestart Elasticsearch.

      Note

      If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.

    [8]ページ先頭
    ©2009-2026 Movatter.jp