Hi
here that I would change : (based on mine running on cluster, along with x-pack enabled (not security) on 6.2.1
readonlyrest:
enable: true
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
audit_collector: true
prompt_for_basic_auth: false
access_control_rules:
- name: Kibana Server (we trust this server side component, full access granted via HTTP authentication)
# it is for kibana server getting access to elasticsearch only
auth_key_sha1: f435b46456464646273028f
type: allow
hosts: [kibana_IP]
- name: "x-pack monitoring"
#credentials and config must be done in kibana.yml, elasticsearch.yml, xxxxbeats.yml, logstash.yml
auth_key_sha1: 6fce41670a6546456544655447
type: allow
actions: ["cluster:monitor/*", "indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create", "cluster:admin/ingest/pipeline/*","cluster:admin/xpack/monitoring/*"]
indices: [".monitoring-*"]
verbosity: info
- name: "Kibana read"
indices: ["logstash-*"] # aliases are taken in account!
actions: ["indices:data/read/*"]
kibana_access: ro
kibana_index: .kibana
groups: ["Read Only"]
verbosity: error
- name: "Logstash write"
indices: ["logstash-*"] # aliases are taken in account!
actions: ["indices:data/write/*"]
hosts_local: ["127.0.0.1", "localhost"]
groups: ["Logstash"]
verbosity: error
users:
- username: kibana
auth_key: kibana:****
groups: ["Read Only"]
- username: logstash_internal
auth_key: logstash_internal:****
groups: ["Logstash"]
as I did not see the block for kibana server , i added it.
I added the rule for xpack monitoring. feel free to adapt