Secure communication with the Elastic Stack

edit

This documentation only applies to the APM Server binary.

Use role-based access control or API keys to grant APM Server users access to secured resources.

Role-based access

edit

Manage access on a feature-by-feature basis by creating several custom feature-related roles and assigning one or more of these roles to each APM Server user based on which features they need to access.

Read more in Use feature roles →

API keys

edit

Instead of using usernames and passwords, you can use API keys to grant access to Elasticsearch resources. You can set API keys to expire at a certain time, and you can explicitly invalidate them.

Read more in Grant access using API keys →

More resources

edit

After privileged users have been created, use authentication to connect to a secured Elastic cluster.

For secure communication between APM Server and APM Agents, see With APM agents.

A reference of all available SSL configuration settings is also available.

APM Server exposes an HTTP endpoint, and as with anything that opens ports on your servers, you should be careful about who can connect to it. Firewall rules are recommended to ensure only authorized systems can connect.