That however results in permission exceptions getting thrown when Logstash is first started. They are related to setting up of templates. I have looked into which permissions would clear these exceptions up, and concluded that adding cluster permissions to manage_index_templates and monitor clears that up.
My question is the following. Are manage_index_templates and monitor permissions ok to be added to logstash user, or is that some kind of a security issue? What would be an alternative way to address these template exceptions? Thoughts?
Any comments on this? I just want to make sure that I am not exposing my Elastic Cloud cluster to potential security vulnerability by adding cluster permissions to logstash user. Would that be a concern for you? Am I overreacting here?
Do you know anyone from Elastic that roams these forums that we can cc here? I am just looking for quick thumbs up or down on this question. Like you mentioned, their documentation for the logstash_writer user actually has a few more permissions, so I don't know if I am not inventing an issue here for no reason. Thanks!