Securing your deployment

The security of Elasticsearch Service is described on the Elastic Cloud security page. In addition to the security provided by Elastic Cloud, you can take the following steps to secure your deployments:

Prevent unauthorized access with password protection and role-based access control:
- Reset the elastic user password.
- Use third-party authentication providers and services like SAML, OpenID Connect, or Kerberos to provide dynamic role mappings for role based or attribute based access control.
- Use Kibana Spaces and roles to secure access to Kibana.
- Authorize and authenticate service accounts for Beats by granting access using API keys.
- Roles can provide full, or read only, access to your data and can be created in Kibana or directly in Elasticsearch. Check defining roles for full details.

Block unwanted traffic with traffic filter.
Secure your settings with the Elasticsearch keystore.

In addition, we also enable encryption at rest (EAR) by default. Elasticsearch Service supports EAR for both the data stored in your clusters and the snapshots we take for backup, on all cloud platforms and across all regions.

« Technical FAQ Reset the elastic user password »