My purpose is to secure the API connection. Currently I am only use basic auth with username and password to connect from client. I already test the client connection with https and it works fine with basic auth.
If TLS is already enabled, how could I restrict the connection to only the application I am building. If I generate a self-signed certificate from client, what I need to change in server configuration to match.
FYI, I try to add this snippet to elasticsearch.yml but failed to update. The error is not allowed :
API connections to Elastic Cloud are secured by default. SSL is automatically enabled, and a username + password is required.
What exactly are you looking to do on top of that?
That depends on how your application works. Typically you would create a new user for your appllication, and that user's password would be the protection you're after.
Correct. Because Elastic Cloud comes with SSL already enabled, it is not possible to reconfigure this.
Thanks @TimV
Yes, I am using a new user and password with certain permissions.
I just concern if someone has username&password, they can modify the existing Elasticsearch via API call. Or perhaps I am running the application in localhost testing with the existing credentials by mistake.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.