Manage your Elastic security stack as code with the Elastic Stack Terraform provider — Elastic Security Labs

Keypoints

• Detection rules can be defined, versioned, and deployed as code using elasticstack_kibana_security_detection_rule, eliminating manual Kibana UI configuration.
• Exception management is available via elasticstack_kibana_security_exception_list and elasticstack_kibana_security_exception_item, enabling authorized scanner IPs and process allowlists to be managed in Git.
• Prebuilt detection rules are manageable with elasticstack_kibana_prebuilt_rule so organizations can track, customize, and consistently deploy Elastic’s supplied rules.
• ML anomaly detection jobs are now definable in HCL with elasticstack_elasticsearch_ml_anomaly_detection_job, making detectors, bucket spans, influencers, and datafeeds reproducible across environments.
• Cross-cluster automation is supported through scoped cluster API keys (elasticstack_elasticsearch_security_api_key) for CCS/CCR, allowing secure multi-cluster search and replication via Terraform.
• AI connectors (.bedrock and .gen-ai) can be declared as code (elasticstack_kibana_action_connector), letting teams version and review LLM integrations like Bedrock and OpenAI alongside infrastructure.
• Observability and platform coverage expanded with synthetics monitor labels, Elasticsearch alias resource, default data view settings, solution attribute for Kibana spaces, and Fleet agent policy enhancements.