Securing Kibana and ElasticSearch without X-Pack-Security plugin


A customer integrated the ELK stack into their application. If they run their own ES cluster, or use the managed service provided by, they can lock down access to Kibana and ES using the X-Pack-Security plugin.

They're aware of the approach outlined in, but want to avoid the need to run a proxy to handle authentication between Kibana & ES.

Do we have any alternative suggestion?

asked 7 years ago430 views
1 Answer
Accepted Answer

Rather than use a proxy server that is allowed access via IP which requires you running an extra instance, you can enable IAM access and use the aws-es-kibana proxy which runs locally on the client and uses the clients IAM credentials to do the SigV4 signing. Here's another local proxy that supports IAM roles which the first one I mentioned doesn't.

answered 7 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions