Confirm successful installation by checking the skill directory location:
.cursor/skills/cloud-create-project
Restart Cursor to activate cloud-create-project. Access via /cloud-create-project in your agent's command palette.
β
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Create Elastic Cloud Serverless projects using the Serverless REST API. Use the cloud-manage-project skill for day-2
operations like listing, updating, or deleting projects.
Prerequisites and permissions
Ensure EC_API_KEY is configured. If not, run cloud-setup skill first.
Creating projects requires a Cloud API key with Admin or Organization owner role.
This skill does not perform a separate role pre-check. Attempt the requested operation and let the API enforce
authorization. If the API returns an authorization error (for example, 403 Forbidden), stop and ask the user to
verify the provided API key permissions.
Manual setup fallback (when cloud-setup is unavailable)
If this skill is installed standalone and cloud-setup is not available, instruct the user to configure Cloud
environment variables manually before running commands. Never ask the user to paste API keys in chat.
Variable
Required
Description
EC_API_KEY
Yes
Elastic Cloud API key used for project creation operations.
EC_BASE_URL
No
Cloud API base URL (default: https://api.elastic-cloud.com).
Note: If EC_API_KEY is missing, or the user does not have a Cloud API key yet, first check whether the user has
an Elastic Cloud account. If not, propose starting a free trial at
Elastic Cloud free trial β 14 days of full access with no credit card
required. Once registered, direct the user to generate a key at
Elastic Cloud API keys, then configure it locally using the steps below.
Preferred method (agent-friendly): create a .env file in the project root:
Terminal exports may not be visible to sandboxed agents running in separate shell sessions, so prefer .env when using
an agent.
Critical principles
Never display secrets in chat. Do not echo, log, or repeat API keys, passwords, or credentials in conversation
messages or agent thinking. Direct the user to the .elastic-credentials file instead. The admin password must
never appear in chat history, thinking traces, or agent output.
Confirm before creating. Always present the project configuration to the user and ask for confirmation before
running the creation script.
Admin credentials are for API key creation only. The script saves the admin password to .elastic-credentials
for bootstrapping a scoped API key. The admin user has full privileges and cannot be modified in serverless. Never
use admin credentials for direct Elasticsearch operations (querying, indexing, etc.) β always create a scoped API key
first (see Step 8). The load-credentials command excludes admin credentials by default β use --include-adminonly during Step 7/8, then reload without it once the API key is created. Never read or display the contents of
.elastic-credentials in chat.
Recover lost credentials. If the script fails to write .elastic-credentials (disk full, permissions, etc.), the
save may be incomplete. Check .elastic-credentials for the password first. If missing, use the
cloud-manage-project skill's reset-credentials command to generate a new password.
Region is permanent. A project's region cannot be changed after creation.
Prefer automatic readiness checks. Pass --wait to the creation script so it polls until the phase changes from
initializing to initialized. Only fall back to manually polling the status endpoint if --wait is unavailable.
Project types
Type
Description
Key endpoints
elasticsearch
Search, analytics, and vector workloads
Elasticsearch, Kibana
observability
Logs, metrics, traces, and APM
Elasticsearch, Kibana, APM, OTLP
security
SIEM, endpoint protection, cloud security
Elasticsearch, Kibana, OTLP
Project type inference
Map the user's request to the correct --type value:
Do not silently default to any type. If the user does not specify a type, infer it from the conversation context
(for example, discussing log ingestion suggests observability, discussing detections or SIEM suggests security,
discussing search or vector workloads suggests elasticsearch). Always present the inferred type to the user and ask
for confirmation before proceeding. If context is insufficient to infer a type, ask the user to choose.
Product tiers
Observability and security projects support a --product-tier flag. Default to complete unless the user explicitly
requests a different tier.
Project type
Tier
Description
observability
complete
Full observability suite (logs, metrics, traces, APM)
observability
logs_essentials
Log management only
security
complete
Full security suite (SIEM, cloud, endpoint)
security
essentials
Core SIEM only
Elasticsearch projects do not have a product tier β use --optimized-for instead.
Sensible defaults
Present these defaults to the user before creation. Ask if they want to use or change them:
Setting
Default
Region
gcp-us-central1
Project type must be confirmed with the user β do not assume a default. See "Project type inference" above.
Always use --optimized-for general_purpose unless the user explicitly requests vector. Do not proactively offer the
vector option.
If the user does not specify a name, ask for one β it is required.
Workflow: Create a project
Project Creation:
- [ ] Step 1: Verify API key is set
- [ ] Step 2: Present defaults and confirm with user
- [ ] Step 3: List available regions (optional)
- [ ] Step 4: Create the project
- [ ] Step 5: Save credentials and endpoints
- [ ] Step 6: Wait for project to initialize
- [ ] Step 7: Set environment variables
- [ ] Step 8: Recommend creating a scoped API key
Step 1: Verify API key is set
echo"${EC_API_KEY:?Not set}"
If EC_API_KEY is not set, run the cloud-setup skill first to configure authentication and defaults.
Step 2: Present summary and confirm with user
Before presenting the summary, ensure the project type has been explicitly confirmed by the user. If no type was
specified, infer one from the conversation context and propose it. If the context is ambiguous, ask the user to choose
from elasticsearch, observability, or security.
Always show a confirmation summary before creating. Include different fields depending on project type:
Always pass --optimized-for general_purpose for Elasticsearch projects. Only use vector if the user explicitly
requests it.
For observability and security projects, pass --product-tier complete unless the user explicitly requests a different
tier.
Always pass --wait so the script automatically polls until the project is ready.
Step 5: Save credentials and endpoints
The script automatically writes credentials to .elastic-credentials in the working directory. The password is redacted
from the JSON output on stdout.
If saving succeeds, tell the user:
Credentials saved to .elastic-credentials β open that file to retrieve your password.
Do not read, cat, or display the contents of .elastic-credentials in chat.
If saving fails, the script prints an error to stderr. Check whether .elastic-credentials exists and contains a
password (a partial write is possible). If the password is missing or the file does not exist, immediately run the
cloud-manage-project skill's reset-credentials command to generate a new password.
The creation response also contains:
Project ID β needed for all subsequent operations
Cloud ID β for client libraries
Elasticsearch and Kibana endpoints β safe to display in chat
The admin credentials are for initial bootstrap only. Recommend creating a scoped API key for ongoing access (Step 8).
Step 6: Wait for project to initialize
When --wait is passed (recommended), the script polls automatically until the project phase becomes initialized. No
manual polling is needed.
If the agent ran without --wait, poll manually:
python3 skills/cloud/create-project/scripts/create-project.py status \--type elasticsearch \--id<project-id>
Repeat until phase changes from initializing to initialized.
Step 7: Set environment variables
The creation script saves credentials and endpoints to .elastic-credentials with the project name in the header. Load
them into the current shell with --include-admin so admin credentials are available for API key creation in Step
8:
This sets ELASTICSEARCH_URL, KIBANA_URL, any project-type specific endpoints (APM_URL, INGEST_URL), and the
admin ELASTICSEARCH_USERNAME/ELASTICSEARCH_PASSWORD needed to bootstrap an API key.
Step 8: Create a scoped API key
The admin user has full privileges and cannot be modified in serverless projects. Do not proceed with Elasticsearch
operations using admin credentials. Create a scoped Elasticsearch API key with only the permissions the user needs.
If the elasticsearch-authn skill is available, use it for API key creation β it covers the full lifecycle (create,
grant, invalidate, query) and handles scoping privileges correctly. If the skill is not installed, ask the user to
either install it or create the API key manually through Kibana > Stack Management > API keys. After creation, save
the API key to .elastic-credentials using the project-specific header format (see manage-project skill's "Credential
file format" section), then reload without --include-admin to drop admin credentials from the environment:
Observability/security tier (see "Product tiers" section)
--wait
create
Poll until project is initialized before exiting
Environment variables
Variable
Required
Description
EC_API_KEY
Yes
Elastic Cloud API key
EC_BASE_URL
No
Cloud API base URL (default: https://api.elastic-cloud.com)
ELASTIC
Implementation Guide
Prerequisites
βΊClaude Desktop or compatible AI client with skill support
βΊClear understanding of task or problem to solve
βΊWillingness to iterate and refine outputs
Time Estimate
15-45 minutes depending on use case complexity
Steps
1Install skill using provided installation command
2Test with simple use case relevant to your work
3Evaluate output quality and relevance
4Iterate on prompts to improve results
5Integrate into regular workflow if valuable
Common Pitfalls
β Expecting perfect results without iteration
β Not providing enough context in prompts
β Using skill for tasks outside its intended scope
β Accepting outputs without review and validation
Best Practices
β Do
+Start with clear, specific prompts
+Provide relevant context and constraints
+Review and refine all outputs before using
+Iterate to improve output quality
+Document successful prompt patterns
β Don't
βDon't use without understanding skill limitations
βDon't skip validation of outputs
βDon't share sensitive information in prompts
βDon't expect skill to replace human judgment
π‘ Pro Tips
β Be specific about desired format and style
β Ask for multiple options to choose from
β Request explanations to understand reasoning
β Combine AI efficiency with human expertise
When to Use This
β Use when
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
β Avoid when
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
Learning Path
1Familiarize yourself with skill capabilities and limitations
2Start with low-risk, non-critical tasks
3Progress to more complex and valuable use cases
4Build expertise through regular use and experimentation
