
What is the best way to secure a connection between an Elasticsearch cluster hosted on Elastic Cloud and a backend, given that we have hundreds of thousands of users and that I want to handle the authorization logic on the backend itself, not on Elasticsearch?
Is it better to create a "system" user in the native realm with all the read and write access (it looks like the user feature is intended for real end-users) or to use other types of authentication (but SAML, PKI or Kerberos are also end-user oriented)? Or to use other security means, like IP-based ones?
I'm used to the Elasticsearch service on AWS, where authorization is based on IAM roles, so I'm a bit lost here.

Edit: 18 months later, there's no definitive answer on this. If I had to do it again, I would probably end up using JWT.

tsnobip
  • We use the X-Pack security feature for authorization to Elastic Cloud. With the Elastic Cloud cluster running on HTTPS, any traffic to the cluster is encrypted, thus securing cluster access. – ben5556 Dec 18 '18 at 00:14
  • Which X-Pack security realm do you use then? – tsnobip Dec 18 '18 at 17:32
  • We use the native realm. – ben5556 Dec 19 '18 at 00:03
  • Did you create a native realm user for every end-user or a system user for your backend? We have hundreds of thousands of people who would need to get data from the cluster, so creating a user for every one of them is not really doable. – tsnobip Dec 20 '18 at 16:25
  • Ah OK, yeah, we had only a small set of users who needed access. – ben5556 Dec 21 '18 at 06:02

0 Answers