Secure your clustersedit

In addition to the built-in security features — like IP filtering, identity authorization services for SAML, LDAP or Active Directory, and the Elasticsearch Keystore — Elastic Cloud Enterprise supports most of the security features that are part of the Elastic Stack. These features are designed to:

  • Prevent unauthorized access to deployments with password protection, and role-based access control.
  • Preserve the integrity of your data with message authentication and SSL/TLS encryption.

Elastic Cloud Enterprise handles the installation of the security features for you, both for new deployments you create and for deployments that you upgrade. Which exact set of security features you use depends on the version of your Elasticsearch cluster.

In Elasticsearch version 5.0 and later, the security features to keep your Elastic Cloud Enterprise clusters safe are now part of X-Pack. With the move to X-Pack, the biggest changes to security features for the Elastic Stack include the names of the security configuration options, TLS/SSL configuration, and how roles are defined. A few privileges have also been removed. You work with users and roles in the Kibana Management app. On Elastic Cloud Enterprise, one user is always created with new version 5.0 clusters, the elastic superuser. If you upgrade a cluster to version 5.0, the users defined in your Shield configuration are also preserved.

For Elasticsearch versions before 5.0, the Shield plugin provides similar security features for your cluster, such as user authentication and role based access control. Shield is always installed and enabled on Elastic Cloud Enterprise. You work with users and roles in the Cloud UI user editor directly in the Cloud UI. On Elastic Cloud Enterprise, one user is always created with new version 2.x clusters, the admin superuser.

Note that when you upgrade a cluster to Elasticsearch 5.0 or later from an earlier version of Elasticsearch, your Shield configuration is migrated to X-Pack. If you used the Cloud UI user editor before upgrading to version 5.0, you will need to switch to the Kibana Management app after upgrading.

In Elasticsearch 5.0 and later, you work with users and roles in the Kibana Management app. If you’re using a version of Elasticsearch before 5.0, you use the user editor in the Cloud UI to work with users and roles.

For a more extensive security discussion, please read Securing Your Elasticsearch Cluster, which covers several important aspects of securing Elasticsearch in addition to authentication and authorization. You can also take a look at the security section of Elasticsearch in Production.