That however results in permission exceptions getting thrown when Logstash is first started. They are related to setting up of templates. I have looked into which permissions would clear these exceptions up, and concluded that adding cluster permissions to manage_index_templates and monitor clears that up.
My question is the following. Are manage_index_templates and monitor permissions OK to be added to the logstash user, or is that some kind of a security issue? What would be an alternative way to address these template exceptions? Thoughts?
Any comments on this? I just want to make sure that I am not exposing my Elastic Cloud cluster to a potential security vulnerability by adding cluster permissions to the logstash user. Would that be a concern for you? Am I overreacting here?
Do you know anyone from Elastic that roams these forums that we can cc here? I am just looking for quick thumbs up or down on this question. Like you mentioned, their documentation for the logstash_writer user actually has a few more permissions, so I don't know if I am not inventing an issue here for no reason. Thanks!
This is our best practice... you can take the other roles out but if anyone sets manage_template or tries to monitor logstash (which is also a best practice) it will fail... It is up to you.
The assumption is that you are properly managing the user credentials that are assigned to that user and thus access to that role through use of the encrypted keystore etc.
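An added example, not part of any post in this thread: a small check that compares a role body against the two cluster privileges discussed above and flags anything broader. The role bodies are constructed samples in the Elasticsearch role API shape; the `logstash-*` pattern, the index privileges and the `audit_role` helper are assumptions.

```python
import json

# Cluster privileges the thread discusses for the Logstash user.
EXPECTED_CLUSTER = {"manage_index_templates", "monitor"}

# Constructed role bodies in the Elasticsearch role-API shape.
# The "logstash-*" pattern and the index privileges are assumptions.
ROLE_SCOPED = json.loads("""
{"cluster": ["manage_index_templates", "monitor"],
 "indices": [{"names": ["logstash-*"],
              "privileges": ["write", "create_index"]}]}
""")
ROLE_BROAD = json.loads("""
{"cluster": ["all"],
 "indices": [{"names": ["*"], "privileges": ["all"]}]}
""")


def audit_role(role):
    """Compare a role body with the privilege set discussed in the thread."""
    cluster = set(role.get("cluster", []))
    # "all" already implies the expected privileges, so nothing is missing.
    missing = [] if "all" in cluster else sorted(EXPECTED_CLUSTER - cluster)
    report = {
        # Privileges beyond the two from the thread widen what a leaked
        # Logstash credential can do.
        "extra_cluster": sorted(cluster - EXPECTED_CLUSTER),
        # Missing ones bring back the template exceptions at startup.
        "missing_cluster": missing,
        "broad_indices": [],
    }
    for entry in role.get("indices", []):
        names = entry.get("names", [])
        privs = entry.get("privileges", [])
        # A wildcard pattern or the "all" privilege reaches past Logstash data.
        if "*" in names or "all" in privs:
            report["broad_indices"].append({"names": names, "privileges": privs})
    return report


if __name__ == "__main__":
    for label, role in (("scoped", ROLE_SCOPED), ("broad", ROLE_BROAD)):
        print(label, json.dumps(audit_role(role)))
```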