Secure APM Server

This documentation refers to configuring the standalone (legacy) APM Server. This method of running APM Server will be deprecated and removed in a future release. Please consider upgrading to Fleet and the APM integration. If you’re using Fleet and the Elastic APM integration, please see Secure communication with APM agents instead.

The following topics provide information about securing the APM Server process and connecting to a cluster that has security features enabled.

You can use role-based access control and, optionally, API keys to grant APM Server users access to secured resources.

After privileged users have been created, use authentication to connect to a secured Elastic cluster.

For secure communication between APM Server and APM Agents, see Secure communication with APM agents.

On Linux, APM Server can take advantage of secure computing mode to restrict the system calls that a process can issue.

A reference of all available SSL configuration settings is also available.

Security Overview

APM Server exposes an HTTP endpoint, and as with anything that opens ports on your servers, you should be careful about who can connect to it. Firewall rules are recommended to ensure only authorized systems can connect.