Configuring an API Key

In order to use this module, you must configure one or more API-keys. API-keys are stored as a list of acceptable keys under api_keys at the root level of the ACL. For example:

default: deny

api_keys:
    - s6aW9aAMZjDMbuhj
    - 6hKZsTqBru9KnVaW

auth:
  users:
    ...

rules:
  - ...

In the above example, both s6aW9aAMZjDMbuhj and 6hKZsTqBru9KnVaW would be valid API-keys.

Elasticsearch Settings

There are several settings introduced by this module:

transport.found.host-suffixes
A comma-separated list of host suffixes that trigger our attempt to authenticate with Elastic Cloud. Defaults to foundcluster.com,found.no.
transport.found.ssl-ports
A comma-separated list of ports that trigger our SSL support. Defaults to 9343.
transport.found.api-key
An API-key which is used to authorize this client when connecting to Elastic Cloud. API-keys are managed via the console as a list of Strings under the root level key "api_keys". Defaults to missing-api-key
transport.found.ssl.unsafe_allow_self_signed
Whether to accept self-signed certificates when using SSL. This is unsafe and allows for MITM-attacks, but may be useful for testing. Defaults to false.
transport.found.connection-keep-alive-interval
The interval in which to send keep-alive messages. Defaults to 20s. Set to 0 to disable.

Recommended Tweaks to Existing Settings:

We recommend setting client.transport.nodes_sampler_interval to 30s and setting client.transport.ping_timeout to 30s when using Elasticsearch over non-local networks (this also goes for deployments in the same Amazon EC2 region, as the connections may be routed across a regions availability zones).

Not doing so may greatly increase the number of disconnects and reconnects due to intermittent slow routers / congested networks / garbage collection and a host of other transient problems.