Skip to content

Elastic Cloud Admin Console API Key

Service Name: Elastic Cloud

Service Description: Elastic Cloud is a fully managed service that offers Elasticsearch and Kibana as a hosted solution, providing scalable and secure access to the Elastic Stack.

Service Address: https://cloud.elastic.co/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants administrative access to manage Elastic Cloud deployments, including creating, updating, and deleting deployments.

Secret Revokement URL: https://cloud.elastic.co/security/api-keys

Secret Example: essa_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x0y1z2AAAAA123456=

Suspicious Activity Investigation Instructions:

  • Check Elastic Cloud audit logs for unusual deployment activities or configuration changes
  • Review API access logs for unauthorized API calls from unexpected IP addresses
  • Verify if there are any new deployments or modifications to existing deployments that were not authorized
  • Check for unusual billing activity that might indicate resource abuse
  • Look for changes to user permissions or new API keys created

Mitigation Instructions:

  • Immediately revoke the compromised API key through the Elastic Cloud console
  • Create a new API key with appropriate permissions
  • Review and update access controls for all Elastic Cloud resources
  • Enable IP filtering for API access if available
  • Review deployment configurations for any unauthorized changes
  • Enable audit logging if not already enabled to track future activities