Hi
I'm setting an APM server up. Need some help with the API keys configuration...
This is what I did so far:
- Created a role with the privileges listed in the docs. (notice the last one, the
apm_api_key
)
POST /_security/role/apm_setup
{
"cluster": [
"monitor",
"manage_ilm"
],
"indices": [
{
"names": [
"apm-*"
],
"privileges": [
"manage"
]
}
]
}
POST /_security/role/apm_monitoring
{
"cluster": [
"monitor"
],
"indices": [
{
"names": [
".monitoring-beats-*"
],
"privileges": [
"create_index",
"create_doc"
]
}
]
}
POST /_security/role/apm_writer
{
"cluster": [
"monitor",
"manage_ilm"
],
"indices": [
{
"names": [
"apm-*"
],
"privileges": [
"create_index",
"view_index_metadata",
"create_doc"
]
}
]
}
POST /_security/role/apm_reader
{
"indices": [
{
"names": [
"apm-*"
],
"privileges": [
"read"
]
}
]
}
PUT _security/role/apm_api_key
{
"applications": [
{
"application": "apm",
"privileges": [
"sourcemap:write",
"event:write",
"config_agent:read"
],
"resources": [
"*"
]
}
]
}
-
Assigned those roles to the
monitor
user. -
...but when I try to create the key:
$ ./apm-server apikey create --name apm-demo --ingest --sourcemap
{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/xpack/security/api_key/create] is unauthorized for user [monitor]"}],"type":"security_exception","reason":"action [cluster:admin/xpack/security/api_key/create] is unauthorized for user [monitor]"},"status":403}
What is missing?