Grant privileges and roles needed for setupedit
Setting up APM Server is an admin-level task that requires extra privileges. As a best practice, grant the setup role to administrators only, and use a more restrictive role for event publishing.
Administrators who set up APM Server typically need to load the index template, set up ILM aliases, templates, and policies, and register ingest pipelines.
To grant users the required privileges for setup:
-
Create a setup role, called something like
apm_setup
, that has the following privileges:Type Privilege Purpose Cluster
manage_ilm
All index lifecycle management operations related to managing policies
Index
manage
onapm-*
indicesAll index administration privileges
-
Assign the setup role, along with the following built-in roles, to users who need to set up APM Server:
Role Purpose ingest_admin
Set up index templates and ingest pipelines
These instructions assume that you are using the default name for
APM Server indices (apm-*
).
If you are using a custom index name, modify the privileges to
match your index naming pattern.
Partial setupedit
In some instances, you may want to create a less-privileged user for a specific setup task.
Set up index templatesedit
APM Server loads an index template to Elasticsearch at setup time. The following privileges are required for this task:
Type | Privilege | Purpose |
---|---|---|
Cluster |
|
All operations on index templates |
See Elasticsearch index template for more information.
Set up ILMedit
Index lifecycle management (ILM) allows you to automate the lifecycle of your APM Server indices as they grow and age. To set up and configure ILM, the following privileges are required:
Type | Privilege | Purpose |
---|---|---|
Cluster |
|
All operations on index templates |
Cluster |
|
All index lifecycle management operations related to managing policies. |
Index |
|
All index administration privileges |
See Index lifecycle management for more information.
Set up ingest pipelinesedit
Ingest pipelines allow you to pre-process documents in Elasticsearch before indexing them. The following privileges are required to manage pipelines:
Type | Privilege | Purpose |
---|---|---|
Cluster |
|
All operations on ingest pipelines |
See pipeline
for more information.