Securing Your Elastic Stack


We are generating a tremendous amount of data every second. Today’s common knowledge tells us that there are ample business opportunities for enterprises that want to put this data to work. Elasticsearch is one such tool that has the potential to run a business from the raw data rotting on the storage devices.

Elasticsearch is an open-source search engine and data analytics platform. Elastic Stack or ELK (Elasticsearch, Logstash, Kibana) is a group of open-source tools to collect, analyse and visualize information. ELK Stack is a highly scalable, distributed and multi-tenant capable real-time search engine that is becoming highly popular among businesses. As an example of the tool put to good use, the Guardian uses Elastic Stack to combine visitor logs with social network data to provide real-time feedback to their editors about the public responses to new articles.

Because of its advantages, Elastic Stack is becoming immensely popular not only in mega-corporations but also in startups. Owing to increasing demand for Elastic Stack in businesses, the developer community has put tremendous effort into improving security features. Very recently, the Elastic developer community made most of the security features free of cost. In this blog, we will learn how to make your Elastic Cluster secure.

The security features

The security features of the community edition of Elastic Stack enable us to protect our data with a password, encrypt the communication between nodes, and implement role-based access control, IP filtering and auditing. This tutorial describes how to secure a cluster with password protection, secure Elastic APIs, define roles, create users and assign roles to users.

This guide assumes that you have a single-node ELK instance in place. If you want to learn how to deploy Elastic Stack, you can follow this article first.

Securing Your Elastic Stack

By default, the security features are disabled. We will first configure Elasticsearch to enable them. Open the Elasticsearch configuration file config/elasticsearch.yml and paste the lines below at the end of the file.

... true true

Save the file and restart the elasticsearch service.

After restarting Elasticsearch, we will set the passwords for the cluster. In a new terminal, cd into the master node directory and run the command bin/elasticsearch-setup-passwords auto. This will generate random passwords for the various internal stack users. Alternatively, you can replace the auto parameter with the interactive parameter to define your passwords manually.

Keep track of these passwords; we’ll need them again soon.

The next thing we need to do is configure Kibana. We’ll need to add the password for the Kibana user. We can grab that from the previous output of the setup-passwords command.

Let’s cd into the Kibana directory and open the config/kibana.yml file with a text editor. Find the lines that look like this:

#elasticsearch.username: "user"
#elasticsearch.password: "pass"...

Uncomment the username and password fields by removing the # character at the beginning of each line. Change “user” to “kibana” and then change “pass” to whatever the setup-passwords command tells us the Kibana password is. Save the file, then start Kibana by running bin/kibana.

If you are planning to use Logstash in your stack, the next thing to do is configure the Logstash config files; otherwise you can skip the following steps. We’ll need to add Elasticsearch credentials to the output section of the Logstash configuration file. We can grab the Elasticsearch credentials from the previous output of the setup-passwords command.

Let’s cd into the Logstash directory and open the output section of the Logstash config file with a text editor. Add the credential lines (user and password) to the output section.

output {
  elasticsearch {
    index => "indexname"
    user => "elastic"
    password => "pass"
    document_id => "%{id}"
    hosts => ["localhost:9200"]
  }
}

Change “pass” to whatever the setup-passwords command tells us the elastic password is.

Now restart the Elasticsearch and Kibana services.

Congratulations! You have successfully secured your Elastic Cluster.
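A quick way to confirm this from the shell, as an added example that is not part of the original post: the script compares an anonymous request with an authenticated one. It assumes Elasticsearch answers on plain HTTP at localhost:9200 (override with ES_URL) and offers the 7.x `_security/_authenticate` endpoint; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. ES_URL is an assumption.
ES_URL="${ES_URL:-http://localhost:9200}"

# HTTP status code of a GET; extra arguments are passed to curl.
# curl reports "000" when it gets no HTTP response at all.
status_of() {
  url="$1"; shift
  curl -s -o /dev/null -w '%{http_code}' "$@" "$url" || true
}

# Interpret the two codes: anonymous request vs. request with credentials.
# Returns 0 on pass, 1 on a security failure, 2 when the node is unreachable.
verdict() {
  case "$1:$2" in
    401:200)     echo "PASS: anonymous access denied, credentials accepted" ;;
    000:*|*:000) echo "ERROR: no HTTP response, is Elasticsearch running?"; return 2 ;;
    2??:*)       echo "FAIL: anonymous request returned $1, security is not enforced"; return 1 ;;
    401:401)     echo "FAIL: credentials rejected, check the elastic password"; return 1 ;;
    *)           echo "FAIL: unexpected status codes $1 and $2"; return 1 ;;
  esac
}

# Query the node twice. curl prompts for the elastic password because
# -u is given a user name only, which keeps the password out of the
# shell history.
check() {
  anon=$(status_of "$ES_URL/")
  auth=$(status_of "$ES_URL/_security/_authenticate" -u elastic)
  verdict "$anon" "$auth"
}

# Run the check only when asked: ./verify.sh check
if [ "${1:-}" = "check" ]; then check; fi
```

A 2xx answer to the anonymous request means the security settings were not picked up, usually because the node was not restarted or the wrong configuration file was edited.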

Now go to your Kibana dashboard; a login screen will appear. To access the Kibana dashboard as a superuser, provide “elastic” as the username and, as the password, whatever the setup-passwords command gave us for the “elastic” user.

Once you log in as superuser, you can create security roles, create users and assign roles to them.
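The Logstash output shown earlier authenticates as the “elastic” superuser, which grants far more than an indexing pipeline needs. As an added example (not from the original post), this script creates a write-only role and a dedicated user through the 7.x `_security` API; the names logstash_writer and logstash_internal, the privilege set, ES_URL and LOGSTASH_PW are assumptions to adapt.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Role and user names are
# hypothetical; ES_URL and LOGSTASH_PW are assumptions to adapt.
ES_URL="${ES_URL:-http://localhost:9200}"

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Role body: two cluster privileges and write access to one index pattern.
role_json() {
  printf '{"cluster":["monitor","manage_index_templates"],"indices":[{"names":["%s"],"privileges":["create_index","write"]}]}' \
    "$(json_escape "$1")"
}

# User body: the new password and the single role granted to the user.
user_json() {
  printf '{"password":"%s","roles":["%s"]}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# POST a body read from stdin, so the new password never appears in the
# process list. curl prompts for the elastic password (-u has no ":pass").
es_post() {
  curl -sS -u elastic -H 'Content-Type: application/json' \
    -X POST "$ES_URL$1" --data-binary @-
}

# Create the role for the page's index name, then the user that holds it.
apply() {
  role_json "indexname" | es_post /_security/role/logstash_writer &&
  user_json "${LOGSTASH_PW:?set LOGSTASH_PW}" logstash_writer |
    es_post /_security/user/logstash_internal
}

# Talk to the cluster only when asked: ./logstash_user.sh apply
if [ "${1:-}" = "apply" ]; then apply; fi
```

After running it with the apply argument, put logstash_internal and its password in the Logstash output section in place of the elastic credentials.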

