What role should I attach to anonymous user?

rachit_upadhyay · May 17, 2022, 10:35am

So, I am using the Elasticsearch and have the xpack.security.enabled as true. When I try to open the IP:Port and check the status of Elasticsearch node, I have to authorize myself. I wanted to know is it possible to have this authorization removed with anonymous user feature of xpack?

If it is indeed possible I would like to know what kind of role would I need to provide to the anonymous user so that I wouldn't need to enter the credential and I am able to see the status without any issues.

Built-in roles | Elasticsearch Guide [7.16] | Elastic
These are the built-in-roles that I think would be considered but if I have to create a new role do let me know along with it's configuration.

Yang_Wang · May 18, 2022, 4:24am

This depends what you mean by "check the status of Elasticseaerch node". Exactly what are the APIs you need to call with the anonymous user? You want a role that is tightly scoped for your need for security reasons.

rachit_upadhyay · June 2, 2022, 11:05am

I am not using any API. I just need to get 200 status code for when I try to call :9200. Nothing else. This is required for the ALB target group setup in aws platform.

Yang_Wang · June 2, 2022, 12:48pm

Technically that's an API by itself. You need the monitor cluster privilege for it.

system · June 30, 2022, 12:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.