Elasticsearch 7.15 with xpack auth enabled (if it matters, only Elasticsearch, no Kibana or other ELK applications installed).
I'm trying to add a user for monitoring purposes (retrieving information from Elasticsearch, i.e. cluster status, cluster health, indices health, size, docs count, and other read-only parameters about Elasticsearch performance). I was looking into the Elasticsearch built-in roles and added the role "monitoring_user", but I can only get the "about page" (aka /), no _cluster/health, no _cat/indices or other links.
So what is the minimum least-privilege role to apply to the monitoring user in order to obtain status data from Elasticsearch?
Thank you!
CodePudding user response:
After digging through the built-in users/roles, I created a new role for monitoring and assigned a user to that role. So far, so good; I'm not sure that I have access to all the information I will need in the future, but it's a start.
This is a sample of Ansible variables (the official Elasticsearch Ansible role was used), but I think it's very readable (creating a new role with cluster and indices monitor capability and creating a user with that role assigned).
```yaml
es_users:
  native:
    monitor:
      password: "xxxxxxxxxxxxx"
      roles:
        - xxx_monitoring
es_roles:
  native:
    xxx_monitoring:
      cluster:
        - monitor
      indices:
        - names: '*'
          privileges:
            - monitor
```
Nota bene: it seems that the .security-# index (maybe others too) will not be listed for this monitor user (in the _cat/indices page); actually, for me it's a feature, not a bug, but please beware.
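The same role and user expressed as Elasticsearch security API requests, plus a least-privilege check built on `GET /_security/user/_has_privileges`, as an added example that is not part of the original answer. The helper names, the list of privileges that should be denied, and the sample responses are assumptions made for this illustration.

```python
import json

# Role from the answer's es_roles variable, in the JSON shape of PUT /_security/role/<name>.
ROLE_NAME = "xxx_monitoring"
ROLE = {"cluster": ["monitor"],
        "indices": [{"names": ["*"], "privileges": ["monitor"]}]}

# Privileges a monitoring-only account should NOT hold (list chosen for this example).
DENIED_CLUSTER = ["manage", "manage_security"]
DENIED_INDEX = ["read", "write", "delete_index"]

def setup_requests(username, password):
    """(method, path, body) tuples that create the role and the user."""
    return [("PUT", f"/_security/role/{ROLE_NAME}", ROLE),
            ("PUT", f"/_security/user/{username}",
             {"password": password, "roles": [ROLE_NAME]})]

def probe_body():
    """Body for GET /_security/user/_has_privileges, sent as the monitoring user."""
    entry = ROLE["indices"][0]
    return {"cluster": ROLE["cluster"] + DENIED_CLUSTER,
            "index": [{"names": entry["names"],
                       "privileges": entry["privileges"] + DENIED_INDEX}]}

def audit(response):
    """Compare a _has_privileges response with the role; return the deviations."""
    granted_index = {p for e in ROLE["indices"] for p in e["privileges"]}
    findings = [("cluster", priv, held)
                for priv, held in response["cluster"].items()
                if held != (priv in ROLE["cluster"])]
    for name, privs in response["index"].items():
        findings += [(name, priv, held) for priv, held in privs.items()
                     if held != (priv in granted_index)]
    return findings

# Constructed sample responses (not captured from a real cluster).
SAMPLE_OK = {"has_all_requested": False,
             "cluster": {"monitor": True, "manage": False, "manage_security": False},
             "index": {"*": {"monitor": True, "read": False,
                             "write": False, "delete_index": False}}}
SAMPLE_TOO_BROAD = {**SAMPLE_OK,
                    "index": {"*": {**SAMPLE_OK["index"]["*"], "read": True}}}

if __name__ == "__main__":
    for method, path, body in setup_requests("monitor", "<password-placeholder>"):
        print(method, path, json.dumps(body))
    print("GET /_security/user/_has_privileges", json.dumps(probe_body()))
    print(audit(SAMPLE_OK), audit(SAMPLE_TOO_BROAD))
```

An empty list from `audit` means the account holds exactly what the role grants; each tuple names a scope, a privilege, and whether it was unexpectedly held or missing.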