This document discusses securing your Elasticsearch deployment, from initial installation to configuration.
An Elasticsearch cluster benefits from properly implemented security in the following ways:
The term unauthorized access properly covers two distinct security concepts: Authentication and Authorization.
Authentication validates that a user is who they claim to be. A proper authentication setup enforces that only the person named, for example, Kelsey Andorra can authenticate to Elasticsearch as the user kandorra. Shield ships with an out-of-the-box internal authentication mechanism and also integrates with LDAP and Active Directory to provide user authentication.
Authorization enforces a set of privileges that are available to a specific user. To continue the example, an authorization framework enforces that the user kandorra has the ability to perform specific actions on the Elasticsearch cluster. These specific actions are called privileges. See the Reference section for a complete list of privileges. Privileges are bundled into sets, and a set of privileges is called a role.
Shield also provides for authorization based on the client’s IP address. You may whitelist and blacklist subnets to control network-level access to a server.
A standard Elasticsearch cluster includes redundancy that protects against accidental data loss and corruption. By encrypting data that is transmitted from node to node within the cluster, Elasticsearch security protects data from deliberate tampering or unauthorized access.
Knowing who requested which actions on your data, and when, is an important part of security. Keeping an auditable log of the activity in your cluster can not only help diagnose performance issues but also provide insight into attacks and attempted breaches.
Security features for Elasticsearch are implemented in a plugin that you install on each node in your cluster.
The information in this document covers the following broad categories:
- To learn about the architecture of the Elasticsearch security plugin and how the various elements of security interact, see the Architecture Overview section.
- To get started with Elasticsearch security, from installation to initial configuration, see the Getting Started section.
- To answer specific questions about configuration elements and privileges in Elasticsearch security, see the Reference section.