Horje
Elasticsearch API Authentication: How to Set Up with Examples

Elasticsearch is a powerful distributed search and analytics engine widely used for logging, monitoring, and data analysis. To protect your data and ensure secure access, setting up API authentication is essential.

This article will guide you through the process of configuring Elasticsearch API authentication with detailed examples and outputs. We will cover basic authentication, API keys, and role-based access control (RBAC).

Why API Authentication is Important

API authentication in Elasticsearch is crucial for several reasons:

  • Data Security: Prevent unauthorized access to your data.
  • Data Integrity: Ensure that only authenticated users can modify data.
  • Auditability: Track who accessed or modified data.
  • Compliance: Meet regulatory requirements for data protection.

Prerequisites

Before setting up API authentication, ensure you have the following:

  • Elasticsearch is installed and running.
  • Kibana is installed and running (for managing users and roles via the UI).
  • Basic knowledge of Elasticsearch and its REST API.

Enabling Security Features

By default, Elasticsearch security features are disabled. To enable them, you need to configure Elasticsearch and restart it.

Step 1: Update the Configuration

Open the elasticsearch.yml configuration file and add the following settings:

xpack.security.enabled: true

Step 2: Generate Certificates

Elasticsearch requires transport and HTTP layer encryption. Use the elasticsearch-certutil tool to generate the necessary certificates.

bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

Follow the prompts to generate the certificates.

Step 3: Configure the Keystore

Add the generated certificates to the Elasticsearch keystore:

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

Step 4: Restart Elasticsearch

Restart Elasticsearch to apply the changes.

bin/elasticsearch

Setting Up Basic Authentication

Basic authentication uses usernames and passwords to control access to the Elasticsearch API.

Step 1: Create a User

You can create users using the Kibana UI or the Elasticsearch REST API.

Using Kibana

  • Open Kibana and go to Management > Security > Users.
  • Click Create user.
  • Fill in the username, password, and assign roles (e.g., superuser).

Using the REST API

Alternatively, you can create a user using the REST API:

curl -X POST "localhost:9200/_security/user/my_user" -H 'Content-Type: application/json' -d'
{
  "password" : "mypassword",
  "roles" : [ "superuser" ],
  "full_name" : "John Doe",
  "email" : "[email protected]"
}'

Step 2: Authenticate API Requests

To authenticate API requests, include the username and password in the request header.

Example: Indexing a Document

curl -u my_user:mypassword -X POST "localhost:9200/myindex/_doc/1" -H 'Content-Type: application/json' -d'
{
  "name": "John Doe",
  "age": 30,
  "city": "New York"
}'

Output

The response indicates that the document is indexed successfully:

{
  "_index": "myindex",
  "_id": "1",
  "_version": 1,
  "result": "created",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  }
}

Setting Up API Key Authentication

API keys provide an alternative method for authenticating API requests without using usernames and passwords.

Step 1: Create an API Key

Create an API key using the Elasticsearch REST API:

curl -u my_user:mypassword -X POST "localhost:9200/_security/api_key" -H 'Content-Type: application/json' -d'
{
  "name": "my_api_key",
  "role_descriptors": {
    "my_role": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["*"],
          "privileges": ["all"]
        }
      ]
    }
  }
}'

Step 2: Authenticate API Requests with the API Key

Include the API key in the request header.

Example: Indexing a Document

curl -H "Authorization: ApiKey <base64-encoded-api-key>" -X POST "localhost:9200/myindex/_doc/1" -H 'Content-Type: application/json' -d'
{
  "name": "Jane Doe",
  "age": 25,
  "city": "San Francisco"
}'

To base64-encode the API key, use the following command (replace id:key with your actual API key):

echo -n "id:key" | base64

Output

The response indicates that the document is indexed successfully:

{
  "_index": "myindex",
  "_id": "1",
  "_version": 1,
  "result": "created",
  "_shards": {
    "total": 2,
    "successful": 1,
    "failed": 0
  }
}

Role-Based Access Control (RBAC)

RBAC allows you to define roles with specific permissions and assign these roles to users and API keys.

Step 1: Define Roles

Create roles that define specific permissions using the Kibana UI or the REST API.

Using Kibana

  • Open Kibana and go to Management > Security > Roles.
  • Click Create role.
  • Define the role name and permissions (e.g., read access to specific indices).

Using the REST API

Alternatively, create a role using the REST API:

curl -u my_user:mypassword -X PUT "localhost:9200/_security/role/my_role" -H 'Content-Type: application/json' -d'
{
  "cluster": ["all"],
  "indices": [
    {
      "names": ["myindex"],
      "privileges": ["read"]
    }
  ]
}'

Step 2: Assign Roles to Users

Assign the created role to a user using the Kibana UI or the REST API.

Using Kibana

  • Open Kibana and go to Management > Security > Users.
  • Edit the user and assign the role.

Using the REST API

Assign a role to a user using the REST API:

curl -u my_user:mypassword -X POST "localhost:9200/_security/user/my_user/_roles" -H 'Content-Type: application/json' -d'
{
  "roles": ["my_role"]
}'

Step 3: Authenticate API Requests

Authenticated API requests will now have access based on the assigned roles.

Example: Querying an Index with Role-Based Permissions

curl -u my_user:mypassword -X GET "localhost:9200/myindex/_search" -H 'Content-Type: application/json' -d'
{
  "query": {
    "match_all": {}
  }
}'

Output

The response will include documents from the myindex index:

{
  "took": 10,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 1,
      "relation": "eq"
    },
    "max_score": 1.0,
    "hits": [
      {
        "_index": "myindex",
        "_id": "1",
        "_score": 1.0,
        "_source": {
          "name": "Jane Doe",
          "age": 25,
          "city": "San Francisco"
        }
      }
    ]
  }
}

Conclusion

Setting up API authentication in Elasticsearch is essential for securing access to your data and ensuring that only authorized users can interact with your Elasticsearch clusters. This article covered the basics of enabling security features, setting up basic authentication, using API keys, and implementing role-based access control (RBAC).

By following these steps, you can enhance the security of your Elasticsearch deployment and provide controlled access to your data, helping to maintain data integrity and comply with security requirements. Experiment with different configurations and techniques to tailor the authentication setup to your specific needs and environment.


 


Reffered: https://www.geeksforgeeks.org

Databases

Related
Indexing Attachments and Binary Data with Elasticsearch Plugins Indexing Attachments and Binary Data with Elasticsearch Plugins
Setting Up RBAC in Elasticsearch with Kibana: Configuring Role-Based Access Control Setting Up RBAC in Elasticsearch with Kibana: Configuring Role-Based Access Control
Configuring TLS in Elasticsearch Configuring TLS in Elasticsearch
How to Register and Call a Schema in Mongoose? How to Register and Call a Schema in Mongoose?
Spotify SQL Interview Questions Spotify SQL Interview Questions

Type:
 Geek
Category:
 Coding
Sub Category:
 Tutorial
Uploaded by:
 Admin
Views:
 11



 

Horje