Securing APM data based on environment


I have a question regarding the best way to separate data based on environment and securing the same data in version 6.7.

In this specific case, we are shipping APM data through APM server using the recommended settings (separated by processor.event). The context.service.environment variable is set on the APM agents' side, but currently all data from the applications is shipped to the standard apm indices.

We now want to add a security layer with two roles, one that would grant read-only access to PROD data, the other granting read-only access to TEST data. Based on the above, we are looking into two possible options:

  1. We separate the data in different indices using the APM server. The index name pattern would look like apm-%{[context.service.environment]}-%{[observer.version]}-span-%{+yyyy.MM.dd}. The roles would then be configured to grant access to apm-test* and apm-prod* data.

  2. The data is not separated into different indices, but when creating the roles we use the "Grant read privileges to specific documents", where based on the value of context.service.environment, we query prod or test data.

Please let me know which approach is recommended for this case. And if possible, let me know if option 2 may affect the cluster performance as there is a large number of documents from both environments (around 200 million per week) which would need to be queried.

Thank you in advance for your replies.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.