How to Traffic Filter of elastic cloud allow runbook in automation account azure executing

TuanDang 0 Reputation points
2024-10-16T02:14:49.1666667+00:00

I got the error {"ok":false,"message":"Forbidden due to traffic filtering. Please see the Elastic documentation on Traffic Filtering for more information."} when I start runbook in azure automation account.
Runbook is used for deleting data in elastic cloud periodically. I already set traffic filter which is the reason got the forbidden
How can the runbook execute without forbidden ?
The request :

Invoke-RestMethod -Uri $url -Headers @{ 'Authorization' = "ApiKey $apikey" } -Body $body -ContentType 'application/json' -Method 'POST'
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,256 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vinodh247 22,951 Reputation points MVP
    2024-10-16T05:50:43.1833333+00:00

    Hi TuanDang,

    Thanks for reaching out to Microsoft Q&A.

    The error you're encountering ("Forbidden due to traffic filtering") indicates that your traffic filter settings in elastic cloud are blocking the request coming from the azure automation runbook. To resolve this and allow the runbook to execute without being blocked, follow these steps:

    1. Identify the IP Range of the Automation Account:
      • Azure automation uses certain outbound IP addresses to send traffic to external resources. You will need to allow these IPs in your Elastic Cloud's traffic filter.
      • You can find the list of outbound IP addresses for your Azure Automation account by navigating to the "Automation Account" -> "Properties" section in the Azure Portal. Here, you can view the IP ranges used by your automation account.
    2. Update Elastic Cloud Traffic Filter:
      • Go to --> Elastic Cloud console and navigate to "Security" -> "Traffic Filters".
      • Add a rule in your traffic filter to allow the outbound IP addresses of your Azure Automation account. This will permit the traffic from your runbook to reach Elastic Cloud without being blocked.
      Test Runbook Execution:
      • After updating the traffic filter, retry running your runbook. The traffic from the Automation account should now be allowed, and the "Forbidden" error should be resolved.

    Additionally, make sure the following is correct in your runbook:

    • The $url, $apikey, and $body variables are properly configured.
    • The API key has sufficient permissions to perform the delete operation in Elastic Cloud.

    try and let me know.

    Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.