That should be what you want, although we discourage the use of the elastic user within Kibana. That use can do everything on your cluster, so if there's some sort of security hole in Kibana, or your config file gets leaked then you are giving away the credentials for a user than can modifiy/delete everything in your cluster.
No that is exactly what I want. I just don't remember it being that easy. Last time I used xpack was under 5.4 and I remember having to do a lot more to get https working. Maybe I'm not remembering correctly.
@TimV What are the minimum permissions the user configured in kibana.yml needs for Kibana to work? I did a quick test with a new user and it seems at least the kibana_system role needs to be assigned?
In a standard install, the kibana user (which has the kibana_system) role is the user you should use for kibana's elasticsearch.username setting.
For cloud, it's probably easiest to create your own user, and just assign them the kibana_system role. That will give you exactly the permissions you need, and will get automatically upgraded to have any new permissions that are required if your ES version changes.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.