Configuring an API key
In order to use this module, you must configure one or more API-keys. API-keys are stored as a list of acceptable keys under api_keys at the root level of the ACL. For example:

    default: deny

    api_keys:
      - s6aW9aAMZjDMbuhj
      - 6hKZsTqBru9KnVaW

    auth:
      users:
        ...

    rules:
      - ...

In this example, both s6aW9aAMZjDMbuhj and 6hKZsTqBru9KnVaW would be valid API-keys.
Elasticsearch settings
There are several settings introduced by this module:
- transport.found.host-suffixes: A comma-separated list of host suffixes that trigger our attempt to authenticate with Elasticsearch Service. Defaults to foundcluster.com,found.no.
- transport.found.ssl-ports: A comma-separated list of ports that trigger our SSL support. Defaults to 9343.
- transport.found.api-key: An API-key which is used to authorize this client when connecting to Elasticsearch Service. API-keys are managed through the console as a list of Strings under the root level key "api_keys". Defaults to missing-api-key.
- transport.found.ssl.unsafe_allow_self_signed: Whether to accept self-signed certificates when using SSL. This is unsafe and allows for MITM-attacks, but may be useful for testing. Defaults to false.
- transport.found.connection-keep-alive-interval: The interval in which to send keep-alive messages. Defaults to 20s. Set to 0 to disable.
Recommended tweaks to existing settings:
We recommend setting client.transport.nodes_sampler_interval to 30s and setting client.transport.ping_timeout to 30s when using Elasticsearch over non-local networks (this also goes for deployments in the same Amazon EC2 region, as the connections may be routed across a region's availability zones).
Not doing so may greatly increase the number of disconnects and reconnects due to intermittent slow routers, congested networks, garbage collection and a host of other transient problems.
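
A pre-deployment check for the settings and recommended tweaks above, written as an added example that is not part of the module or the original page. The `audit` function, the sample settings and the host name `example.foundcluster.com` are constructed for illustration, and matching a host suffix with "ends with" is an assumption about how the module applies that setting.

```python
import re

# Defaults as stated in the settings list on this page.
DEFAULTS = {
    "transport.found.host-suffixes": "foundcluster.com,found.no",
    "transport.found.ssl-ports": "9343",
    "transport.found.api-key": "missing-api-key",
    "transport.found.ssl.unsafe_allow_self_signed": "false",
}
TUNED = ("client.transport.nodes_sampler_interval", "client.transport.ping_timeout")

def to_seconds(value):
    """Convert '500ms', '30s' or '1m' to seconds; None if not in that form."""
    m = re.fullmatch(r"(\d+)(ms|s|m)", value.strip())
    return int(m.group(1)) * {"ms": 0.001, "s": 1, "m": 60}[m.group(2)] if m else None

def audit(settings, host, port):
    """Return the names of settings that leave this client connection weak."""
    s = {**DEFAULTS, **settings}
    findings = []
    if s["transport.found.api-key"] == DEFAULTS["transport.found.api-key"]:
        findings.append("transport.found.api-key")  # still the placeholder key
    if s["transport.found.ssl.unsafe_allow_self_signed"].lower() == "true":
        findings.append("transport.found.ssl.unsafe_allow_self_signed")
    # Assumption: a suffix "triggers" when the host name ends with it.
    suffixes = [x.strip() for x in s["transport.found.host-suffixes"].split(",")]
    if not any(host.endswith(x) for x in suffixes if x):
        findings.append("transport.found.host-suffixes")  # no authentication attempt
    ports = [x.strip() for x in s["transport.found.ssl-ports"].split(",")]
    if str(port) not in ports:
        findings.append("transport.found.ssl-ports")  # SSL not triggered on this port
    for name in TUNED:
        secs = to_seconds(s.get(name, ""))
        if secs is None or secs < 30:
            findings.append(name)  # unset or below the recommended 30s
    return findings

# Constructed sample settings (keys from this page, values chosen for the demo).
WEAK = {
    "transport.found.ssl.unsafe_allow_self_signed": "true",
    "client.transport.ping_timeout": "5s",
}
GOOD = {
    "transport.found.api-key": "s6aW9aAMZjDMbuhj",
    "client.transport.nodes_sampler_interval": "30s",
    "client.transport.ping_timeout": "30s",
}

if __name__ == "__main__":
    print(audit(WEAK, "example.foundcluster.com", 9300))
    print(audit(GOOD, "example.foundcluster.com", 9343))
```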