Open Distro for Elasticsearch Security is an Elasticsearch plugin that offers encryption, authentication, and authorization. When combined with Open Distro for Elasticsearch Security-Advanced Modules, it supports authentication via Active Directory, LDAP, Kerberos, JSON web tokens, SAML, OpenID and more. It includes fine grained role-based access control to indices, documents and fields. It also provides multi-tenancy support in Kibana.
Please refer to the technical documentation for detailed information on installing and configuring opendistro-elasticsearch-security plugin.
Install Elasticsearch
Install the opendistro-elasticsearch-security plugin for your Elasticsearch version 6.5.4, e.g.:
<ES directory>/bin/elasticsearch-plugin install \
-b com.amazon.opendistroforelasticsearch:opendistro_security:0.8.0.0
cd
into <ES directory>/plugins/opendistro_security/tools
Execute ./install_demo_configuration.sh
, chmod
the script first if necessary. This will generate all required TLS certificates and add the Security Plugin Configuration to your elasticsearch.yml
file.
Start Elasticsearch
Test the installation by visiting https://localhost:9200
. When prompted, use admin/admin as username and password. This user has full access to the cluster.
Display information about the currently logged in user by visiting https://localhost:9200/_opendistro/_security/authinfo
.
mvn clean test
mvn clean package -Padvanced -DskipTests
artifact_zip=`ls $(pwd)/target/releases/opendistro-security-*.zip | grep -v admin-standalone`
./gradlew build buildDeb buildRpm --no-daemon -ParchivePath=$artifact_zip -Dbuild.snapshot=false
The Security Plugin Configuration is stored in a dedicated index in Elasticsearch itself. Changes to the configuration are pushed to this index via the command line tool. This will trigger a reload of the configuration on all nodes automatically. This has several advantages over configuration via elasticsearch.yml:
This code is licensed under the Apache 2.0 License.
Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.