Grant privileges and roles needed for API key managementedit
You can configure API keys to authorize requests to APM Server. To create an APM Server user with the required privileges for creating and managing API keys:
-
Create an API key role, called something like
apm_api_key
, that has the followingcluster
level privileges:Privilege Purpose manage_api_key
Allow APM Server to create, retrieve, and invalidate API keys
-
Depending on what the API key role will be used for, also assign any or all of the following
apm
application level privileges:-
To receive Agent configuration, assign
config_agent:read
. -
To ingest agent data, assign
event:write
. -
To upload sourcemaps, assign
sourcemap:write
.
-
To receive Agent configuration, assign
- Assign the API key role role to users that need to create and manage API keys.
Example API key roleedit
The following example assigns the required cluster privileges,
and all three apm
API key application privileges to a role named apm_api_key
:
PUT _security/role/apm_api_key { "cluster": [ "manage_api_key" ], "applications": [ { "application": "apm", "privileges": [ "sourcemap:write", "event:write", "config_agent:read" ], "resources": [ "*" ] } ] }
|
|
Required cluster privileges. |
|
Required for API keys that will be used in sourcemap uploads. |
|
Required for API keys that will be used to ingest agent events. |
|
Required for API keys that will be used for Agent configuration. |