Synthetic Monitoring currently using elastic super user in file

Hi Team,

What is the minimum user permission required to run synthetic monitoring. I don't want to provide superuser privilege to users who all deploy the synthetic monitoring using docker.

sh 7.11.0
'-E output.elasticsearch.hosts=["localhost:9200"]'
'-E output.elasticsearch.username=elastic'
'-E output.elasticsearch.password=changeme'


The script is only meant as an example. Sending data to ES securely from heartbeat (which synthetics is based on) is documented here: Grant users access to secured resources | Heartbeat Reference [7.11] | Elastic

Thanks, @Andrew_Cholakian1 for the quick support.

I have created synthetic_test user and provided the below role as per your provided link but still getting errors.

Cluster - monitor, manage_ilm
Index - manage and write on heartbeat-* indices
Role - kibana_admin, ingest_admin

ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://localhost:9200)): Connection marked as failed because the onConnect callback failed: failed to check for alias 'heartbeat-7.11.0': (status=403) {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/aliases/get] is unauthorized for user [synthetic_test]"}],"type":"security_exception","reason":"action [indices:admin/aliases/get] is unauthorized for user [synthetic_test]"},"status":403}: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/aliases/get] is unauthorized for user [synthetic_test]"}],"type":"security_exception","reason":"action [indices:admin/aliases/get] is unauthorized for user [synthetic_test]"},"status":403}

A 403 error indicates that you haven't setup roles with correct privileges. I see you're using canned roles, but you'll need to create a custom role with rights to write to the heartbeat indices. See this page specifically: Grant privileges and roles needed for publishing | Heartbeat Reference [7.11] | Elastic

1 Like

Thanks a lot @Andrew_Cholakian1

This topic was automatically closed 24 days after the last reply. New replies are no longer allowed.