Secure communications?

Hi,

How do I apply ssl/https secure communications on elastic cloud?

I have a Kibana instance running on an EC2 instance connecting to an elastic instance in the elastic cloud.

kibana.yml on the EC2 instance:

elasticsearch.url: "https://mycloudid.found.io:9243"
elasticsearch.username: "elastic"
elasticsearch.password: "password"
xpack.security.enabled: true

Allows me to connect to the cloud instance but I don't think this actually secures the communication?

I looked at the documentation but it's not clear on how to set up secure communications on 6.3 and the elastic cloud.

If you are using a HTTPS url then it's using SSL/TLS. Or is that not what you want?

That should be what you want, although we discourage the use of the elastic user within Kibana. That user can do everything on your cluster, so if there's some sort of security hole in Kibana, or your config file gets leaked then you are giving away the credentials for a user that can modify/delete everything in your cluster.

No, that is exactly what I want. I just don't remember it being that easy. Last time I used xpack was under 5.4 and I remember having to do a lot more to get https working. Maybe I'm not remembering correctly.

@TimV What are the minimum permissions the user configured in kibana.yml needs for Kibana to work? I did a quick test with a new user and it seems at least the kibana_system role needs to be assigned?

In a standard install, the kibana user (which has the kibana_system role) is the user you should use for kibana's elasticsearch.username setting.

For cloud, it's probably easiest to create your own user, and just assign them the kibana_system role. That will give you exactly the permissions you need, and will get automatically upgraded to have any new permissions that are required if your ES version changes.
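The two points raised in this thread (an https URL means TLS is in use, and the elastic superuser should not be the account in kibana.yml) can be checked mechanically. The following is an added example, not part of the original posts and not Elastic's code: the function names and finding codes are hypothetical, the sample is constructed from the settings in the question, and the parser assumes the flat `key: value` form shown there.

```python
# Added example: audit a flat kibana.yml for the issues discussed in this thread.
# Constructed sample, copied from the settings posted in the question.
SAMPLE_KIBANA_YML = '''\
elasticsearch.url: "https://mycloudid.found.io:9243"
elasticsearch.username: "elastic"
elasticsearch.password: "password"
xpack.security.enabled: true
'''

def parse_flat_yaml(text):
    """Parse flat `key: value` lines (assumption: no nesting, lists or inline comments)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only, so URLs such as https://host:9243 stay intact.
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_kibana_config(text):
    """Return a list of (code, message) findings; an empty list means no issue found."""
    cfg = parse_flat_yaml(text)
    findings = []
    # Kibana falls back to a plain-http localhost URL when the setting is absent,
    # so a missing value is reported the same way as an explicit http:// URL.
    url = cfg.get("elasticsearch.url", "")
    if not url.lower().startswith("https://"):
        findings.append(("no-tls", "elasticsearch.url is not https, so the "
                         "connection to Elasticsearch is not encrypted"))
    # https with certificate verification switched off is encrypted but does not
    # authenticate the server Kibana is talking to.
    if cfg.get("elasticsearch.ssl.verificationMode", "full").lower() == "none":
        findings.append(("no-cert-verification", "elasticsearch.ssl.verificationMode "
                         "is none, so the server certificate is not checked"))
    # The thread's advice: use a user that holds only the kibana_system role.
    if cfg.get("elasticsearch.username") == "elastic":
        findings.append(("superuser-account", "elasticsearch.username is the elastic "
                         "superuser; use a user with only the kibana_system role"))
    return findings

if __name__ == "__main__":
    for code, message in audit_kibana_config(SAMPLE_KIBANA_YML):
        print(f"[{code}] {message}")
```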

But I don't understand. Why do you want to do this? Elastic cloud also has Kibana built in.

@dadoonet


Thanks @TimV. Got it.
