Cloud Network Security

Name: Cloud Network Security
Author: elastic

elastic/agent-skills

Use this skill when your agent must configure Elastic Cloud Serverless traffic filters and PrivateLink metadata via the documented REST API.

Overview

Cloud Network Security is an agent skill for the Operate phase that documents Elastic Cloud Serverless traffic filter and PrivateLink APIs for network perimeter control.

Install

npx skills add https://github.com/elastic/agent-skills --skill cloud-network-security

What is this skill?

CRUD traffic filters at GET/POST/PATCH/DELETE /api/v1/serverless/traffic-filters
Documents ApiKey Authorization against https://api.elastic-cloud.com
Maps “network security” wording to API “traffic filters” terminology
Includes PrivateLink region metadata list endpoints
Defines TrafficFilterRequest, PatchTrafficFilterRequest, TrafficFilterRule, and TrafficFilterInfo schemas
Base API URL documented as https://api.elastic-cloud.com with Authorization: ApiKey $EC_API_KEY.
Traffic filter surface includes list, create, get, update, and delete under /api/v1/serverless/traffic-filters.

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 962 installs on skills.sh; 502 GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

You run Elastic Serverless in production but lack an accurate, agent-friendly map of traffic filter endpoints, schemas, and auth headers.

Who is it for?

Solo operators or tiny teams managing Elastic Cloud Serverless who automate network rules via API or agent-assisted IaC.

Skip if: Builders not on Elastic Cloud, purely application-level auth problems, or teams that only need Kibana UI clicks without API automation.

When should I use this skill?

Automating or agent-assisting Elastic Cloud Serverless traffic filters, PrivateLink metadata, or project filter association.

What do I get? / Deliverables

Your agent issues correct Elastic Cloud API calls to create, update, or delete traffic filters and consult PrivateLink metadata without guessing URL paths or field names.

Created or updated traffic filter configurations via API
Accurate request bodies matching TrafficFilterRequest or PatchTrafficFilterRequest schemas

Recommended Skills

Azure Deploymicrosoft/azure-skills

Azure Deploy is a Microsoft agent skill that executes cloud releases for applications that are already planned and valid…374k installs·1.2k stars

Azure Preparemicrosoft/azure-skills

Azure Prepare is Microsoft's skill for getting applications ready to run on Azure—writing the deployment plan, generatin…374k installs·1.2k stars

Azure Storagemicrosoft/azure-skills

Azure Storage skill helps agents pick the right Azure storage service—Blob for objects, Files for SMB shares, Queues for…374k installs·1.2k stars

Azure Validatemicrosoft/azure-skills

Microsoft-guided preflight validation for Azure deployments including IaC, identity, and service-specific readiness.374k installs·1.2k stars

Appinsights Instrumentationmicrosoft/azure-skills

appinsights-instrumentation is a Microsoft Azure-skills package that walks solo builders through enabling Application In…374k installs·1.2k stars

Azure Resource Lookupmicrosoft/azure-skills

Azure Resource Lookup is a Microsoft agent skill that helps solo builders and small teams answer “what do I have in Azur…373k installs·1.2k stars

Journey fit

Primary fit

OperateInfrastructure & cost

Production Elastic deployments need ongoing network perimeter control after launch—classic operate/infra ownership for solo founders running managed search stacks. Infra subphase is the canonical shelf for API-driven cloud networking rules, project association, and PrivateLink region metadata.

Also useful

ShipSecurity

How it compares

Vendor-specific Elastic Cloud API reference—not a generic cloud firewall MCP or multi-cloud security scanner skill.

Common Questions / FAQ

Who is cloud-network-security for?

It is for developers and solo operators running Elastic Cloud Serverless who need precise traffic filter and PrivateLink API details inside their agent workflow.

When should I use cloud-network-security?

Use it in operate/infra when hardening production projects, in ship/security when pre-launch allowlisting, or during operate/monitoring when tightening access after an incident.

Is cloud-network-security safe to install?

The skill describes API operations that require your EC_API_KEY; review the Security Audits panel on this Prism page and never paste production keys into untrusted chats.

SKILL.md

READMESKILL.md - Cloud Network Security

# Cloud Network Security — API Reference

All Serverless traffic filter API calls use base URL `https://api.elastic-cloud.com` and require the header
`Authorization: ApiKey $EC_API_KEY`.

> **Note:** The API uses the term "traffic filters" in endpoint paths and JSON fields. The parent skill uses "network
> security" as the umbrella term. Both refer to the same concept.

## Table of Contents

- [Traffic Filters](#traffic-filters)
  - [List traffic filters](#list-traffic-filters)
  - [Create a traffic filter](#create-a-traffic-filter)
  - [Get a traffic filter](#get-a-traffic-filter)
  - [Update a traffic filter](#update-a-traffic-filter)
  - [Delete a traffic filter](#delete-a-traffic-filter)
- [PrivateLink Metadata](#privatelink-metadata)
  - [List PrivateLink region metadata](#list-privatelink-region-metadata)
- [Schemas](#schemas)
  - [TrafficFilterRequest](#trafficfilterrequest)
  - [PatchTrafficFilterRequest](#patchtrafficfilterrequest)
  - [TrafficFilterRule](#trafficfilterrule)
  - [TrafficFilterInfo](#trafficfilterinfo)
- [Project Association](#project-association)

---

## Traffic Filters

> **Official API docs:**
> [Serverless traffic filter endpoints](https://www.elastic.co/docs/api/doc/elastic-cloud-serverless/group/endpoint-traffic-filters)

### List traffic filters

```text
GET /api/v1/serverless/traffic-filters
```

Returns all traffic filters for the authenticated organization.

**Query parameters:**

| Parameter            | Type    | Required | Description                             |
| -------------------- | ------- | -------- | --------------------------------------- |
| `region`             | string  | No       | Limit results to this region only       |
| `include_by_default` | boolean | No       | Filter by the `include_by_default` flag |

**Response (200):**

```json
{
  "items": [
    {
      "id": "tf-12345",
      "name": "Office IP allowlist",
      "description": "Allow office network",
      "type": "ip",
      "include_by_default": false,
      "region": "us-east-1",
      "rules": [{ "source": "203.0.113.0/24", "description": "Office network" }]
    }
  ]
}
```

### Create a traffic filter

```text
POST /api/v1/serverless/traffic-filters
```

Creates a traffic filter consisting of a set of rules.

**Request body:** [TrafficFilterRequest](#trafficfilterrequest)

**Response (201):** [TrafficFilterInfo](#trafficfilterinfo) — includes the generated `id`.

**Example — IP filter:**

```json
{
  "name": "Office IPs",
  "description": "Corporate office allowlist",
  "type": "ip",
  "region": "us-east-1",
  "include_by_default": false,
  "rules": [
    { "source": "203.0.113.0/24", "description": "Office network" },
    { "source": "198.51.100.5", "description": "VPN gateway" }
  ]
}
```

**Example — VPC filter (AWS PrivateLink):**

```json
{
  "name": "Production VPC",
  "description": "Restrict to production VPC endpoint",
  "type": "vpce",
  "region": "us-east-1",
  "include_by_default": false,
  "rules": [{ "source": "vpce-0abc123def456", "description": "Production VPC endpoint" }]
}
```

### Get a traffic filter

```text
GET /api/v1/serverless/traffic-filters/{id}
```

Retrieves a single traffic filter by ID.

**Path parameters:**

| Parameter | Type   | Required | Description           |
| --------- | ------ | -------- | --------------------- |
| `id`      | string | Yes      | The traffic filter ID |

**Response (200):** [TrafficFilterInfo](#trafficfilterinfo)

### Update a traffic filter

```text
PATCH /api/v1/serverless/traffic-filters/{id}
```

Partially updates a traffic filter. Only include the fields to change.

**Path parameters:**

| Parameter | Type   | Required | Description           |
| --------- | ------ | -------- | --------------------- |
| `id`      | string | Yes      | The traffic filter ID |

**Request body:** [PatchTrafficFilterRequest](#patchtrafficfilterrequest)

**Response (200):** [TrafficFilterInfo](#trafficfilterinfo)

> **Important:** When updating `rules`, provide the *

What is this skill?

CRUD traffic filters at GET/POST/PATCH/DELETE /api/v1/serverless/traffic-filters

Documents ApiKey Authorization against https://api.elastic-cloud.com

Maps “network security” wording to API “traffic filters” terminology

Includes PrivateLink region metadata list endpoints

Defines TrafficFilterRequest, PatchTrafficFilterRequest, TrafficFilterRule, and TrafficFilterInfo schemas

Base API URL documented as https://api.elastic-cloud.com with Authorization: ApiKey $EC_API_KEY.

Traffic filter surface includes list, create, get, update, and delete under /api/v1/serverless/traffic-filters.

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 962 installs on skills.sh; 502 GitHub stars; 3/3 security scanners passed (skills.sh audits).

What do I get? / Deliverables

Your agent issues correct Elastic Cloud API calls to create, update, or delete traffic filters and consult PrivateLink metadata without guessing URL paths or field names.

Created or updated traffic filter configurations via API

Accurate request bodies matching TrafficFilterRequest or PatchTrafficFilterRequest schemas

Journey fit

Primary fit

OperateInfrastructure & cost

Also useful

ShipSecurity

SKILL.md

READMESKILL.md - Cloud Network Security

# Cloud Network Security — API Reference

All Serverless traffic filter API calls use base URL `https://api.elastic-cloud.com` and require the header
`Authorization: ApiKey $EC_API_KEY`.

> **Note:** The API uses the term "traffic filters" in endpoint paths and JSON fields. The parent skill uses "network
> security" as the umbrella term. Both refer to the same concept.

## Table of Contents

- [Traffic Filters](#traffic-filters)
  - [List traffic filters](#list-traffic-filters)
  - [Create a traffic filter](#create-a-traffic-filter)
  - [Get a traffic filter](#get-a-traffic-filter)
  - [Update a traffic filter](#update-a-traffic-filter)
  - [Delete a traffic filter](#delete-a-traffic-filter)
- [PrivateLink Metadata](#privatelink-metadata)
  - [List PrivateLink region metadata](#list-privatelink-region-metadata)
- [Schemas](#schemas)
  - [TrafficFilterRequest](#trafficfilterrequest)
  - [PatchTrafficFilterRequest](#patchtrafficfilterrequest)
  - [TrafficFilterRule](#trafficfilterrule)
  - [TrafficFilterInfo](#trafficfilterinfo)
- [Project Association](#project-association)

---

## Traffic Filters

> **Official API docs:**
> [Serverless traffic filter endpoints](https://www.elastic.co/docs/api/doc/elastic-cloud-serverless/group/endpoint-traffic-filters)

### List traffic filters

```text
GET /api/v1/serverless/traffic-filters
```

Returns all traffic filters for the authenticated organization.

**Query parameters:**

| Parameter            | Type    | Required | Description                             |
| -------------------- | ------- | -------- | --------------------------------------- |
| `region`             | string  | No       | Limit results to this region only       |
| `include_by_default` | boolean | No       | Filter by the `include_by_default` flag |

**Response (200):**

```json
{
  "items": [
    {
      "id": "tf-12345",
      "name": "Office IP allowlist",
      "description": "Allow office network",
      "type": "ip",
      "include_by_default": false,
      "region": "us-east-1",
      "rules": [{ "source": "203.0.113.0/24", "description": "Office network" }]
    }
  ]
}
```

### Create a traffic filter

```text
POST /api/v1/serverless/traffic-filters
```

Creates a traffic filter consisting of a set of rules.

**Request body:** [TrafficFilterRequest](#trafficfilterrequest)

**Response (201):** [TrafficFilterInfo](#trafficfilterinfo) — includes the generated `id`.

**Example — IP filter:**

```json
{
  "name": "Office IPs",
  "description": "Corporate office allowlist",
  "type": "ip",
  "region": "us-east-1",
  "include_by_default": false,
  "rules": [
    { "source": "203.0.113.0/24", "description": "Office network" },
    { "source": "198.51.100.5", "description": "VPN gateway" }
  ]
}
```

**Example — VPC filter (AWS PrivateLink):**

```json
{
  "name": "Production VPC",
  "description": "Restrict to production VPC endpoint",
  "type": "vpce",
  "region": "us-east-1",
  "include_by_default": false,
  "rules": [{ "source": "vpce-0abc123def456", "description": "Production VPC endpoint" }]
}
```

### Get a traffic filter

```text
GET /api/v1/serverless/traffic-filters/{id}
```

Retrieves a single traffic filter by ID.

**Path parameters:**

| Parameter | Type   | Required | Description           |
| --------- | ------ | -------- | --------------------- |
| `id`      | string | Yes      | The traffic filter ID |

**Response (200):** [TrafficFilterInfo](#trafficfilterinfo)

### Update a traffic filter

```text
PATCH /api/v1/serverless/traffic-filters/{id}
```

Partially updates a traffic filter. Only include the fields to change.

**Path parameters:**

| Parameter | Type   | Required | Description           |
| --------- | ------ | -------- | --------------------- |
| `id`      | string | Yes      | The traffic filter ID |

**Request body:** [PatchTrafficFilterRequest](#patchtrafficfilterrequest)

**Response (200):** [TrafficFilterInfo](#trafficfilterinfo)

> **Important:** When updating `rules`, provide the *

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is cloud-network-security for?

When should I use cloud-network-security?

Is cloud-network-security safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is cloud-network-security for?

When should I use cloud-network-security?

Is cloud-network-security safe to install?

SKILL.md