Step 1: Download, Install, and Basic Configuration

1.1 Download and Install Elasticsearch

Download and install Elasticsearch on your server (use the latest version):

```bash
# Download and install Elasticsearch (assuming you use Ubuntu/Debian)
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.10.0-amd64.deb
sudo dpkg -i elasticsearch-8.10.0-amd64.deb
```

Start and enable the Elasticsearch service:

```bash
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
```

1.2 Basic Configuration

Update the elasticsearch.yml configuration file located in /etc/elasticsearch/elasticsearch.yml. Key settings:

```yaml
cluster.name: my-secure-cluster
node.name: node-1
network.host: 0.0.0.0 # Adjust this based on your network settings
http.port: 9200
```

network.host: 0.0.0.0 binds every interface, so expose a node this way only once the TLS and authentication settings from Step 2 are in place.

You should also increase the JVM heap size (set in jvm.options), typically to 50% of the server's memory:

```
-Xms4g
-Xmx4g
```

Step 2: Set up Security (TLS/SSL, RBAC)

2.1 Enable TLS/SSL for Transport and HTTP Layer (Open-Source and X-Pack)

First, generate certificates using the elasticsearch-certutil tool:

```bash
cd /usr/share/elasticsearch/bin/
./elasticsearch-certutil ca
./elasticsearch-certutil cert --ca elastic-stack-ca.p12
```

Move the generated certificates to a secure directory and modify elasticsearch.yml to enable TLS encryption. By default certutil writes PKCS#12 bundles; pass --pem to the cert command to obtain the separate .key and .crt files that the settings below reference.

```yaml
# TLS/SSL settings for transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /path/to/your.key
xpack.security.transport.ssl.certificate: /path/to/your.crt
xpack.security.transport.ssl.certificate_authorities: /path/to/ca.crt

# TLS/SSL settings for HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /path/to/http.key
xpack.security.http.ssl.certificate: /path/to/http.crt
xpack.security.http.ssl.certificate_authorities: /path/to/ca.crt
```

2.2 Set Up User Authentication and Role-Based Access Control (RBAC) (X-Pack)

Enable security and user authentication in elasticsearch.yml:

```yaml
xpack.security.enabled: true
```

Restart Elasticsearch to enable security.

Add users and roles using the Elasticsearch API:

```
# Create a role with restricted access to logs index
PUT /_security/role/log_reader
{
  "cluster": ["monitor"],
  "indices": [
    {
      "names": ["logs-*"],
      "privileges": ["read"]
    }
  ]
}

# Create a user and assign the role
POST /_security/user/analyst
{
  "password": "password123",
  "roles": ["log_reader"],
  "full_name": "Log Analyst"
}
```

2.3 Enable API Key Authentication (Optional, X-Pack)

Create API keys to allow services or users to interact with the cluster. The index section of a role descriptor is named indices, exactly as in a role definition:

```
POST /_security/api_key
{
  "name": "monitoring-key",
  "expiration": "1d",
  "role_descriptors": {
    "monitoring": {
      "cluster": ["monitor"],
      "indices": [
        {
          "names": ["metrics-*"],
          "privileges": ["read"]
        }
      ]
    }
  }
}
```

Step 3: Set up Monitoring with Elasticsearch and Kibana

3.1 Install and Configure Kibana

Download and install Kibana on your server:

```bash
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.10.0-amd64.deb
sudo dpkg -i kibana-8.10.0-amd64.deb
```

Start Kibana and modify the kibana.yml configuration to connect to your Elasticsearch instance:

```yaml
server.port: 5601
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "your-password"
server.ssl.enabled: true
server.ssl.certificate: /path/to/your.crt
server.ssl.key: /path/to/your.key
```

3.2 Enable Monitoring and Visualize Metrics

Enable monitoring of Elasticsearch nodes and indices in elasticsearch.yml:

```yaml
xpack.monitoring.collection.enabled: true
```

Navigate to the "Monitoring" section in Kibana. You can see cluster metrics, node usage, index statistics, etc.

Step 4: Enable Application Performance Monitoring (APM) (X-Pack)

4.1 Install APM Server

Install the APM server:

```bash
wget https://artifacts.elastic.co/downloads/apm-server/apm-server-8.10.0-amd64.deb
sudo dpkg -i apm-server-8.10.0-amd64.deb
```

Configure the APM server to connect with Elasticsearch:

```yaml
apm-server:
  host: "0.0.0.0:8200"
output.elasticsearch:
  hosts: ["https://localhost:9200"]
  username: "elastic"
  password: "your-password"
  ssl.certificate_authorities: ["/path/to/ca.crt"]
```

Start the APM server:

```bash
sudo systemctl start apm-server
```

4.2 Instrument Your Applications

Add the APM agent to your application (e.g., Python, Java, Node.js) and send performance data to the APM server.

```bash
# Example for Node.js
npm install elastic-apm-node --save
```

View performance data in Kibana under the APM section.

Step 5: Data Management and Index Lifecycle Management (ILM)

5.1 Set up Index Lifecycle Policies (Open-Source and X-Pack)

Define policies that automatically manage index retention, rollover, and deletion:

```
PUT _ilm/policy/log_policy
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": {
            "max_size": "50gb",
            "max_age": "30d"
          }
        }
      },
      "delete": {
        "min_age": "90d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}
```

Assign this policy to indices:

```
PUT /logs-*/_settings
{
  "index.lifecycle.name": "log_policy"
}
```

This settings update applies the policy to indices that already exist. For the rollover action to create new indices on its own, set index.lifecycle.name in an index template as well and write through an alias or a data stream.

5.2 Snapshot and Backup Data (X-Pack)

Set up snapshots to periodically back up data. A repository of type fs requires its location to be listed under path.repo in elasticsearch.yml on every node before it can be registered:

```
# Register a snapshot repository
PUT /_snapshot/my_backup
{
  "type": "fs",
  "settings": {
    "location": "/mount/backups"
  }
}

# Take a snapshot
PUT /_snapshot/my_backup/snapshot_1
{
  "indices": "logs-*",
  "ignore_unavailable": true,
  "include_global_state": false
}
```

Step 6: Implement Security Best Practices

6.1 Audit Logging (X-Pack)

Enable audit logging to track all user actions and access logs:

```yaml
xpack.security.audit.enabled: true
xpack.security.audit.logfile.events.include: [ "access_denied", "authentication_failed" ]
```

6.2 Field and Document Level Security (X-Pack)

Restrict access to specific fields and documents for users:

```
PUT /_security/role/restricted_logs
{
  "indices": [
    {
      "names": ["logs-*"],
      "privileges": ["read"],
      "field_security": {
        "grant": ["timestamp", "message"]
      }
    }
  ]
}
```

6.3 IP Filtering

Limit access to Elasticsearch based on IP addresses:

```yaml
xpack.security.transport.filter.allow: "192.168.0.0/24"
xpack.security.transport.filter.deny: "0.0.0.0/0"
```

These settings filter the transport layer (node-to-node traffic). HTTP clients such as Kibana and API consumers are governed by the separate xpack.security.http.filter.allow and xpack.security.http.filter.deny settings.
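The role bodies in 2.2, the API-key role descriptor in 2.3 and the field-level role in 6.2 all share one structure, and the least-privilege point of those sections is easy to lose when a role is copied and widened later. The following script is an added example for this guide, not Elastic's code and not a client of any cluster: it lints request bodies of that shape for broad privileges, catch-all index patterns, the index/indices key mix-up, and API keys with no expiration or no role descriptors. The ADMIN_ISH_ROLE body is a constructed counter-example; the other two are the guide's own.

```python
"""Lint Elasticsearch role definitions and API-key role descriptors for
over-privilege before they are submitted to the /_security API.
Added example for this guide; it is not Elastic's code and it inspects
request bodies only, it never contacts a cluster."""
import json

# Privileges a log reader or a monitoring key should not be granted.
BROAD_CLUSTER_PRIVS = {"all", "manage", "manage_security"}
BROAD_INDEX_PRIVS = {"all", "manage", "write", "delete", "delete_index"}
CATCH_ALL_PATTERNS = {"*", "_all"}


def lint_role(name, role):
    """Return human-readable findings for one role body; an API key's
    role descriptor uses the same structure."""
    findings = []
    # The index section is called "indices"; flag the common typo so it is
    # caught before the API rejects the body.
    if "index" in role and "indices" not in role:
        findings.append(f"{name}: key 'index' is not valid, use 'indices'")
    for priv in role.get("cluster", []):
        if priv in BROAD_CLUSTER_PRIVS:
            findings.append(f"{name}: broad cluster privilege '{priv}'")
    for entry in role.get("indices", []):
        names = entry.get("names", [])
        if CATCH_ALL_PATTERNS & set(names):
            findings.append(f"{name}: index pattern matches every index")
        for priv in sorted(set(entry.get("privileges", [])) & BROAD_INDEX_PRIVS):
            findings.append(f"{name}: broad index privilege '{priv}' on {names}")
    return findings


def lint_api_key(body):
    """Findings for a POST /_security/api_key body."""
    findings = []
    key = f"api key '{body.get('name', '?')}'"
    if "expiration" not in body:
        findings.append(f"{key}: no expiration, key never expires")
    descriptors = body.get("role_descriptors") or {}
    if not descriptors:
        # Without descriptors the key carries every privilege of the user
        # that created it, which is rarely what a service account needs.
        findings.append(f"{key}: no role_descriptors, inherits creator's privileges")
    for role_name, role in descriptors.items():
        findings += lint_role(f"{key}/{role_name}", role)
    return findings


# Bodies from the guide (2.2 and 2.3).
LOG_READER_ROLE = {
    "cluster": ["monitor"],
    "indices": [{"names": ["logs-*"], "privileges": ["read"]}],
}
MONITORING_KEY = {
    "name": "monitoring-key",
    "expiration": "1d",
    "role_descriptors": {
        "monitoring": {
            "cluster": ["monitor"],
            "indices": [{"names": ["metrics-*"], "privileges": ["read"]}],
        }
    },
}
# Constructed counter-example: a "convenience" role that is really an admin.
ADMIN_ISH_ROLE = {
    "cluster": ["all"],
    "indices": [{"names": ["*"], "privileges": ["all"]}],
}

if __name__ == "__main__":
    report = {
        "log_reader": lint_role("log_reader", LOG_READER_ROLE),
        "monitoring-key": lint_api_key(MONITORING_KEY),
        "admin_ish": lint_role("admin_ish", ADMIN_ISH_ROLE),
    }
    print(json.dumps(report, indent=2))
```

Run it as a pre-commit step over the JSON files that hold your role and API-key definitions; an empty findings list for a body means it stays within the read/monitor envelope the guide sets, and anything else should be justified in review.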
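Section 6.1 turns on audit logging for access_denied and authentication_failed events but does not show what to do with the records. The script below is an added example for this guide, not Elastic's code: it runs two simple detections over audit-log lines, a sliding-window count of failed authentications per source address and a summary of denied (user, action) pairs. The sample lines are constructed in the shape of Elasticsearch's JSON audit log (one object per line, field names such as event.action and origin.address) and are not a real capture.

```python
"""Run simple detections over Elasticsearch security audit-log lines.
Added example for this guide, not Elastic's code. SAMPLE_AUDIT_LOG is
constructed to look like the JSON audit log the settings in 6.1 produce."""
import json
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_AUDIT_LOG = r"""
{"@timestamp":"2023-10-05T12:00:00,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:51001","url.path":"/_security/user","request.method":"GET"}
{"@timestamp":"2023-10-05T12:00:10,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:51002","url.path":"/_security/user","request.method":"GET"}
{"@timestamp":"2023-10-05T12:00:20,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:51003","url.path":"/_security/user","request.method":"GET"}
{"@timestamp":"2023-10-05T12:00:30,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:51004","url.path":"/_security/user","request.method":"GET"}
{"@timestamp":"2023-10-05T12:00:40,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:51005","url.path":"/_security/user","request.method":"GET"}
{"@timestamp":"2023-10-05T12:00:50,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"elastic","origin.address":"203.0.113.7:51006","url.path":"/_security/user","request.method":"GET"}
{"@timestamp":"2023-10-05T12:01:05,000+0000","event.type":"rest","event.action":"authentication_failed","user.name":"analyst","origin.address":"10.0.0.5:44310","url.path":"/logs-2023.10/_search","request.method":"GET"}
{"@timestamp":"2023-10-05T12:02:00,000+0000","event.type":"transport","event.action":"access_denied","user.name":"analyst","user.roles":["log_reader"],"origin.address":"10.0.0.5:44311","action":"indices:data/write/index","indices":["logs-2023.10"]}
{"@timestamp":"2023-10-05T12:02:30,000+0000","event.type":"transport","event.action":"access_denied","user.name":"analyst","user.roles":["log_reader"],"origin.address":"10.0.0.5:44312","action":"indices:data/write/index","indices":["logs-2023.10"]}
{"@timestamp":"2023-10-05T12:03:00,000+0000","event.type":"transport","event.action":"access_denied","user.name":"analyst","user.roles":["log_reader"],"origin.address":"10.0.0.5:44313","action":"cluster:admin/snapshot/create","indices":[]}
"""


def parse_audit_log(text):
    """Parse one JSON object per line; attach a datetime under '_ts'."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["_ts"] = datetime.strptime(ev["@timestamp"], "%Y-%m-%dT%H:%M:%S,%f%z")
        events.append(ev)
    return events


def failed_auth_bursts(events, threshold=5, window_seconds=60):
    """Map source IP -> peak number of authentication failures inside one
    sliding window of window_seconds, for sources that reached threshold."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["_ts"]):
        if ev.get("event.action") != "authentication_failed":
            continue
        ip = ev["origin.address"].rsplit(":", 1)[0]  # drop the ephemeral port
        window = recent[ip]
        window.append(ev["_ts"])
        while (ev["_ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            alerts[ip] = max(alerts.get(ip, 0), len(window))
    return alerts


def access_denied_summary(events):
    """Count denied (user, action) pairs: a user repeatedly hitting a
    privilege its role lacks is a misconfigured client or a probe."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get("event.action") == "access_denied":
            counts[(ev["user.name"], ev["action"])] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_audit_log(SAMPLE_AUDIT_LOG)
    print("failed-auth bursts:", failed_auth_bursts(evs))
    for (user, action), n in access_denied_summary(evs).items():
        print(f"access_denied {user} {action}: {n}")
```

On the constructed input the burst detector reports the one source that failed six times inside a minute, while the single failure from the analyst's host stays below threshold; the denied-action summary shows a read-only role being used for writes and a snapshot call, which is the kind of mismatch that the field-level and role restrictions in Step 6 are meant to surface.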
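The allow/deny pair in 6.3 is the easiest setting in this guide to lock yourself out with, so it is worth evaluating against the addresses of your own nodes, Kibana host and admin workstations before restarting anything. The script below is an added example for this guide, not Elastic's filter implementation: it evaluates addresses against settings of that shape, treating allow rules first, then deny rules, with anything unmatched accepted, which is the behaviour the guide's allow-one-subnet/deny-everything pair relies on (stated here as an assumption to be confirmed against the IP filtering documentation). The xpack.security.http.filter entries and the admin addresses are constructed for the example.

```python
"""Evaluate Elasticsearch IP-filter settings before applying them.
Added example for this guide, not Elastic's code. Assumed evaluation
order: allow rules, then deny rules, then accept by default."""
import ipaddress

# Transport settings from 6.3 plus a constructed HTTP-layer pair, so that
# Kibana and API clients are covered as well as node-to-node traffic.
FILTER_SETTINGS = {
    "xpack.security.transport.filter.allow": "192.168.0.0/24",
    "xpack.security.transport.filter.deny": "0.0.0.0/0",
    "xpack.security.http.filter.allow": ["192.168.0.0/24", "10.10.0.10"],
    "xpack.security.http.filter.deny": "0.0.0.0/0",
}


def _as_networks(value):
    """A filter setting is a single string or a list; '_all' matches everything."""
    if value is None:
        return []
    items = value if isinstance(value, list) else [value]
    nets = []
    for item in items:
        if item == "_all":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            nets.append(ipaddress.ip_network("::/0"))
        else:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def evaluate(settings, layer, client_ip):
    """Return ('allow' | 'deny', matched_rule) for client_ip on the
    'transport' or 'http' layer."""
    ip = ipaddress.ip_address(client_ip)
    prefix = f"xpack.security.{layer}.filter."
    for net in _as_networks(settings.get(prefix + "allow")):
        if ip.version == net.version and ip in net:
            return "allow", str(net)
    for net in _as_networks(settings.get(prefix + "deny")):
        if ip.version == net.version and ip in net:
            return "deny", str(net)
    return "allow", "default"


def lockout_check(settings, layer, required_hosts):
    """Hosts that must keep access (other nodes, Kibana, admins) but would
    be denied by the settings; an empty list means the change is safe."""
    return [h for h in required_hosts if evaluate(settings, layer, h)[0] == "deny"]


if __name__ == "__main__":
    # Constructed addresses: two cluster nodes and an admin workstation.
    for host in ["192.168.0.2", "192.168.0.3", "10.10.0.10"]:
        for layer in ["transport", "http"]:
            print(layer, host, evaluate(FILTER_SETTINGS, layer, host))
    print("would be locked out of transport:",
          lockout_check(FILTER_SETTINGS, "transport", ["192.168.0.2", "10.10.0.10"]))
```

The lockout check is the useful part: feed it every node address and the Kibana host for the transport and HTTP layers respectively, and only apply the deny-all rule when the returned list is empty.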
Step-by-Step Guide to Architect, Plan, Design, Setup, and Configure Infrastructure Automation Using Terraform for Dev, Staging, and Production Environments with Kubernetes AKS EKS for the Financial Industry