Configure APM Server to use X-Pack security | APM Server Reference [6.8]

NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.

›

Configure APM Server to use X-Pack securityedit

If you want APM Server to connect to a cluster that has X-Pack security enabled, there are extra configuration steps:

Configure authentication credentials.

To send data to a secured cluster through the elasticsearch output, APM Server needs to authenticate as a user who can manage index templates, monitor the cluster, create indices, and read and write to the indices it creates.
Grant users access to APM Server indices.

To search the indexed APM Server data and visualize it in Kibana, users need access to the indices APM Server creates.
Configure APM Server to use encrypted connections.

If encryption is enabled on the cluster, you need to enable HTTPS in the APM Server configuration.
Set the password for the built-in monitoring user.

APM Server uses the apm_system user to send monitoring data to Elasticsearch. If you plan to monitor APM Server in Kibana and have not yet set up the password, set it up now.

For more information about X-Pack security, see Securing the Elastic Stack.

After securing APM Server, make sure your users have the roles (or associated privileges) required to use these APM Server features. You must create the apm_writer and apm_reader roles (see Configure authentication credentials and Grant users access to APM Server indices). The kibana_user role is built-in.

Feature	Role
Send data to a secured cluster	`apm_writer`
Load index templates	`apm_writer` and `kibana_user`
Load APM Server dashboards into Kibana	`apm_writer` and `kibana_user`
Read indices created by APM Server	`apm_reader`
View APM Server dashboards in Kibana	`kibana_user`