I am thinking that the architecture which appears most secure is to have web servers send httpd logs to a dual-homed logstash server who sends them to ES data nodes on a private LAN. Please advise.
Also, it seems to me that anyone able to ping my ES nodes or establish an http connection can delete any indices via curl. There appears to be a flag to stop ALL indices from being deleted, but someone could just as well delete them one by one. Am I missing something?
If you're talking about Amazon Elasticsearch-as-a-Service, Elastic is not involved with it & we don't support it.
We have our own Cloud offering, hosted on AWS, and which is secured via role based authentication from the start using our own official Shield.
Shield is the best way to secure an Elasticsearch cluster if you're hosting on AWS yourself as well, as it secures all the way to the core of Elasticsearch and integrates with Kibana directly as well.
I was not talking about Elasticsearch-as-a-service as offered by AWS, having said that, nor was I talking about Elasticsearch's Cloud offering hosted on AWS protected by Shield.
One of the beauties of free software is that it is available at no charge.
I was talking about securing the free offering by Elasticsearch with and/or without the cloud. Could you please shed some light on that?
Also, it seems to me that anyone able to ping my ES nodes or establish an http connection can delete any indices via curl. There appears to be a flag to stop ALL indices from being deleted, but someone could just as well delete them one by one. Am I missing something?
Oh no, you're right. Exposing an ES instance to the world without requiring authentication or at least filtering the incoming requests is a really bad idea.
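As an added example (not code from this thread or from Elastic), the following Python script audits an elasticsearch.yml for the two exposure points discussed above: a node bound to a non-private interface, and wildcard index deletion not being disabled. `network.host` and `action.destructive_requires_name` are real Elasticsearch settings; the two config fragments and the 10.0.1.20 address are constructed.

```python
import ipaddress

# Constructed sample configs: the first is the exposed shape the thread warns about,
# the second binds to the private LAN and requires explicit index names on delete.
WEAK_YAML = """
cluster.name: logs
network.host: 0.0.0.0
http.port: 9200
"""

HARDENED_YAML = """
cluster.name: logs
network.host: 10.0.1.20   # private LAN interface (constructed address)
http.port: 9200
action.destructive_requires_name: true
"""

def parse_flat_yaml(text):
    """Parse the flat 'key: value' lines of elasticsearch.yml; comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def host_is_exposed(host):
    """True when network.host would bind an address reachable beyond a private LAN."""
    if host in ("0.0.0.0", "::", "_global_"):
        return True
    try:
        return not ipaddress.ip_address(host).is_private  # public literal IP
    except ValueError:
        return False  # _local_, _site_ or an interface name: not flagged by this check

def audit(settings):
    """Return the list of findings; an empty list means both checks pass."""
    findings = []
    host = settings.get("network.host", "_local_")  # unset binds loopback only
    if host_is_exposed(host):
        findings.append(f"network.host={host}: HTTP API reachable beyond the private LAN")
    if settings.get("action.destructive_requires_name", "").lower() != "true":
        findings.append("action.destructive_requires_name not set to true: wildcard deletes may be allowed")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_YAML), ("hardened", HARDENED_YAML)):
        print(name, audit(parse_flat_yaml(text)) or ["ok"])
```

Binding to the private interface addresses the reachability part of the question; the logstash host on the other leg of the dual-homed setup is then the only path from the web servers into the cluster.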