Hi TuanDang,
Thanks for reaching out to Microsoft Q&A.
The error you're encountering ("Forbidden due to traffic filtering") indicates that your traffic filter settings in Elastic Cloud are blocking the request coming from the Azure Automation runbook. To resolve this and allow the runbook to execute without being blocked, follow these steps:
- Identify the IP Range of the Automation Account:
  - Azure Automation uses certain outbound IP addresses to send traffic to external resources. You will need to allow these IPs in your Elastic Cloud's traffic filter.
  - You can find the list of outbound IP addresses for your Azure Automation account by navigating to the "Automation Account" -> "Properties" section in the Azure Portal. Here, you can view the IP ranges used by your automation account.
- Update Elastic Cloud Traffic Filter:
  - Go to the Elastic Cloud console and navigate to "Security" -> "Traffic Filters".
  - Add a rule in your traffic filter to allow the outbound IP addresses of your Azure Automation account. This will permit the traffic from your runbook to reach Elastic Cloud without being blocked.
- After updating the traffic filter, retry running your runbook. The traffic from the Automation account should now be allowed, and the "Forbidden" error should be resolved.
Additionally, make sure the following is correct in your runbook:
- The `$url`, `$apikey`, and `$body` variables are properly configured.
- The API key has sufficient permissions to perform the delete operation in Elastic Cloud.

Try and let me know.
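As an added example (not part of the answer above, and not Microsoft or Elastic code), the following Python sketch vets a list of candidate outbound IPs before they go into an IP traffic filter rule, so the allow-list stays as narrow as the runbook needs. The ruleset field names follow the Elastic Cloud traffic filter ruleset format as an assumption to check against the current API documentation; the addresses, ruleset name, region and the /24 breadth limit are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
import json

# Constructed sample input: documentation-range addresses standing in for the
# outbound IPs gathered for the Automation account, plus entries to reject.
CANDIDATES = ["203.0.113.10", "203.0.113.11", "198.51.100.0/28",
              "10.0.0.5", "0.0.0.0/0", "not-an-ip"]
MIN_PREFIX = 24  # assumption: ranges broader than /24 need manual review
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def build_ruleset(candidates, name, region):
    """Return (payload, rejected) for an IPv4 allow-list ruleset."""
    accepted, rejected = [], []
    for raw in candidates:
        try:
            net = ipaddress.IPv4Network(raw.strip(), strict=False)
        except ValueError:
            rejected.append((raw, "not an IPv4 address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((raw, "broader than /%d" % MIN_PREFIX))
        elif any(net.subnet_of(block) for block in NON_PUBLIC):
            rejected.append((raw, "not a public egress address"))
        else:
            accepted.append(net)
    # Merge duplicates and adjacent entries without widening the allowed set.
    merged = list(ipaddress.collapse_addresses(accepted))
    payload = {
        "name": name,
        "region": region,
        "type": "ip",
        "include_by_default": False,  # attach only to the deployment that needs it
        "rules": [{"source": str(net)} for net in merged],
    }
    return payload, rejected


if __name__ == "__main__":
    payload, rejected = build_ruleset(CANDIDATES, "automation-runbook", "example-region")
    print(json.dumps(payload, indent=2))
    for raw, reason in rejected:
        print("rejected %s: %s" % (raw, reason))
```

Review the rejected entries by hand instead of loosening the checks; a catch-all range such as `0.0.0.0/0` would make the traffic filter ineffective.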