How to Activate/Enable Built-in users in Elasticsearch Cloud deployment

Olamide OLAJIDE
May 26, 2020

This post shows how to activate the built-in users described in the Built-in users documentation.

I would like to state that the documentation referenced above shows the steps to enable these users in your on-prem environment.

In the cloud deployment, these users are not really built-in, so you would have to create them yourself. But not to worry, I have gone ahead to provide a very good sample for you. First, I enabled those built-in users in my own local cluster as illustrated in Built-in users documentation, then I ran

GET _security/user/

or

curl -k --user elastic:CURRENT_ELASTIC_PW -XGET "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user"

to list all users. See below the output of GET _security/user/:

{
  "elastic" : {
    "username" : "elastic",
    "roles" : [
      "superuser"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "kibana" : {
    "username" : "kibana",
    "roles" : [
      "kibana_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "logstash_system" : {
    "username" : "logstash_system",
    "roles" : [
      "logstash_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "beats_system" : {
    "username" : "beats_system",
    "roles" : [
      "beats_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "apm_system" : {
    "username" : "apm_system",
    "roles" : [
      "apm_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "remote_monitoring_user" : {
    "username" : "remote_monitoring_user",
    "roles" : [
      "remote_monitoring_collector",
      "remote_monitoring_agent"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  }
}

From the above, we can see the roles that were automatically attached to each of the built-in users. I then went ahead to create each of the users and assigned their respective roles as follows (see below for the commands in Kibana Dev Tools as well as on the command line):

POST _security/user/kibana
{
  "password": "CHANGEME",
  "roles": [
    "kibana_system"
  ],
  "full_name": null,
  "email": null,
  "enabled": true
}

On the command line:

curl -k --user elastic:CURRENT_ELASTIC_PW -XPOST "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user/kibana" -H 'Content-Type: application/json' -d '{ "password": "CHANGEME", "roles": [ "kibana_system" ], "full_name": null, "email": null, "enabled": true}'

POST _security/user/logstash_system
{
  "password": "CHANGEME",
  "roles": [
    "logstash_system"
  ],
  "full_name": null,
  "email": null,
  "enabled": true
}

On the command line:

curl -k --user elastic:CURRENT_ELASTIC_PW -XPOST "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user/logstash_system" -H 'Content-Type: application/json' -d '{ "password": "CHANGEME", "roles": [ "logstash_system" ], "full_name": null, "email": null, "enabled": true}'

POST _security/user/beats_system
{
  "password": "CHANGEME",
  "roles": [
    "beats_system"
  ],
  "full_name": null,
  "email": null,
  "enabled": true
}

On the command line:

curl -k --user elastic:CURRENT_ELASTIC_PW -XPOST "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user/beats_system" -H 'Content-Type: application/json' -d '{ "password": "CHANGEME", "roles": [ "beats_system" ], "full_name": null, "email": null, "enabled": true}'

POST _security/user/apm_system
{
  "password": "CHANGEME",
  "roles": [
    "apm_system"
  ],
  "full_name": null,
  "email": null,
  "enabled": true
}

On the command line:

curl -k --user elastic:CURRENT_ELASTIC_PW -XPOST "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user/apm_system" -H 'Content-Type: application/json' -d '{ "password": "CHANGEME", "roles": [ "apm_system" ], "full_name": null, "email": null, "enabled": true}'

POST _security/user/remote_monitoring_user
{
  "password": "CHANGEME",
  "roles": [
    "remote_monitoring_collector",
    "remote_monitoring_agent"
  ],
  "full_name": null,
  "email": null,
  "enabled": true
}

On the command line:

curl -k --user elastic:CURRENT_ELASTIC_PW -XPOST "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user/remote_monitoring_user" -H 'Content-Type: application/json' -d '{ "password": "CHANGEME", "roles": [ "remote_monitoring_collector", "remote_monitoring_agent" ], "full_name": null, "email": null, "enabled": true}'
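The five requests above can be scripted. The following is an added example, not part of the original post: it gives each account its own random password instead of a shared CHANGEME, keeps both the elastic password and the new passwords out of the process list, and omits -k so curl verifies the server certificate. ES_URL, ELASTIC_PW and OUT_FILE are assumed environment variables, and ELASTIC_PW is assumed to contain no double quote or backslash.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed environment variables:
# ES_URL (deployment endpoint) and ELASTIC_PW (current elastic password).

# user:role[,role] pairs, copied from the GET _security/user output in the post.
ACCOUNTS='kibana:kibana_system
logstash_system:logstash_system
beats_system:beats_system
apm_system:apm_system
remote_monitoring_user:remote_monitoring_collector,remote_monitoring_agent'

# 16 random bytes as 32 hex characters: needs no JSON or curl-config escaping.
gen_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# JSON body in the shape the post sends; $1 = password, $2 = comma-separated roles.
user_body() {
  printf '{"password": "%s", "roles": [%s], "full_name": null, "email": null, "enabled": true}' \
    "$1" "$(printf '%s' "$2" | sed 's/[^,][^,]*/"&"/g')"
}

# POST one user ($1 = name, $2 = roles, $3 = password). Credentials reach curl on
# stdin and the body through a 0600 temp file, so neither password is in argv.
create_user() {
  body_file=$(mktemp) || return 1
  user_body "$3" "$2" >"$body_file"
  printf 'user = "elastic:%s"\n' "$ELASTIC_PW" |
    curl --silent --show-error --fail --output /dev/null --config - \
      -X POST "$ES_URL/_security/user/$1" \
      -H 'Content-Type: application/json' --data-binary "@$body_file"
  rc=$?
  rm -f "$body_file"
  return "$rc"
}

main() {
  umask 077   # the credentials file below is readable by its owner only
  printf '%s\n' "$ACCOUNTS" | while IFS=: read -r user roles; do
    pw=$(gen_password)
    create_user "$user" "$roles" "$pw" || { echo "failed: $user" >&2; continue; }
    printf '%s %s\n' "$user" "$pw" >>"${OUT_FILE:-./service-account-passwords.txt}"
  done
}

# Runs only when both variables are set; otherwise the file just defines functions.
if [ -n "${ES_URL:-}" ] && [ -n "${ELASTIC_PW:-}" ]; then main; fi
```

Move the generated passwords from the output file into your secret store and delete the file once Kibana, Logstash, Beats and APM have been configured with them.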

Note: Unlike the other users, the elastic user is built-in and automatically enabled for you, with a password that is automatically generated when you created your cluster. If you however want to change the password of the existing elastic user, you can use similar commands as when you created the other users, except that the password would be changed rather than creating the user. Please see sample command below.

POST _security/user/elastic
{
  "password": "CHANGEME",
  "roles": [
    "superuser"
  ],
  "full_name": null,
  "email": null,
  "enabled": true
}

On the command line:

curl -k --user elastic:CURRENT_ELASTIC_PW -XPOST "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user/elastic" -H 'Content-Type: application/json' -d '{ "password": "CHANGEME", "roles": [ "superuser" ], "full_name": null, "email": null, "enabled": true}'

Alternatively, you can change the password of the existing elastic user as follows. This would change the password without attempting to create the elastic user:

POST _security/user/elastic/_password
{
  "password": "CHANGEME"
}

On the command line:

curl -k --user elastic:CURRENT_ELASTIC_PW -XPOST "https://8b71167dfxxxxxxb81cd0ca984xxxxxx.us-central1.gcp.cloud.es.io:9243/_security/user/elastic/_password" -H 'Content-Type: application/json' -d '{ "password": "CHANGEME"}'

I hope this is helpful to you.
