Network access configuration - Elasticsearch Instances Management| Alibaba Cloud Documentation Center

Go to the network access configuration page

Log on to the Alibaba Cloud Elasticsearch console. In the top navigation bar, select the region where your cluster resides. In the left-side navigation pane, click Elasticsearch Clusters. On the page that appears, find your cluster and click its ID. In the left-side navigation pane of the page that appears, click Data Visualization.
In the Kibana section, click Edit Configuration to go to the Kibana Configuration page.
You can then view the Network Access Configuration section on the Kibana Configuration page. In the Network Access Configuration section, you can turn the Public Network Access and Private Network Access switches on or off, and configure a whitelist for public IP addresses and a whitelist for private IP addresses. By default, Public Network Access is turned on and Private Network Access is turned off.

Configure access over the Internet

By default, Public Network Access is turned on (the switch is green). You can click this switch to disable public network access. After it is disabled, the switch turns gray and you cannot log on to the Kibana console over the Internet.

Configure a whitelist to access the Kibana console over the Internet

Click Update next to Kibana Whitelist. In the Modify Public Network Whitelist pane that appears, enter the IP address you want to add and click OK.

Note By default, all public IP addresses are allowed to access the Kibana console.

The Kibana console supports both IP addresses and CIDR blocks. Enter IP addresses in the format of 192.168.0.1 and CIDR blocks in the format of 192.168.0.0/24. Separate multiple IP addresses and CIDR blocks with commas (,). Enter 127.0.0.1 to forbid all IPv4 addresses or 0.0.0.0/0 to allow all IPv4 addresses.

If your Elasticsearch cluster is deployed in the China (Hangzhou) region, you can add IPv6 addresses to a whitelist in the format of 2401:b180:1000:24::5 or CIDR blocks in the format of 2401:b180:1000::/48. Enter ::1 to forbid all IPv6 addresses or ::/0 to allow all IPv6 addresses.

Configure access over an internal network

By default, Private Network Access is turned off (the switch is gray). You can click this switch to enable private network access. After it is enabled, the switch turns green and then you can log on to the Kibana console over an internal network.

Configure a whitelist to access the Kibana console over an internal network

To access the Kibana console over an internal network, you need to add the IP address of your computer to the whitelist.

Click Update next to Private Network Whitelist. In the Modify Private Network Whitelist pane that appears, enter the IP address you want to add and click OK.

The Kibana console supports both IP addresses and CIDR blocks. Enter IP addresses in the format of 192.168.0.1 and CIDR blocks in the format of 192.168.0.0/24. Separate multiple IP addresses and CIDR blocks with commas (,). Enter 127.0.0.1 to forbid all IPv4 addresses or 0.0.0.0/0 to allow all IPv4 addresses.