Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
25 changed files
with
91 additions
and
99 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,21 @@ | ||
.. _signingrequests: | ||
|
||
Signing requests to Amazon ElasticSearch service | ||
Signing requests to Amazon Elasticsearch service | ||
============ | ||
|
||
When using Amazon ElasticSearch service, you need to secure your ElasticSearch from the outside. | ||
Currently, there is no way to secure your ElasticSearch using network firewall rules, so the only way is to signing the requests using the access key and secret key for a role or user with permissions on the ElasticSearch service. | ||
When using Amazon Elasticsearch service, you need to secure your Elasticsearch from the outside. | ||
Currently, there is no way to secure your Elasticsearch using network firewall rules, so the only way is to signing the requests using the access key and secret key for a role or user with permissions on the Elasticsearch service. | ||
|
||
We offer two different options to sign ElastAlert requests to ElasticSearch: using instance roles and boto profiles. | ||
We offer two different options to sign ElastAlert requests to Elasticsearch: using instance roles and boto profiles. | ||
|
||
Using instance role | ||
------------------- | ||
Typically, you'll deploy ElastAlert on a running EC2 instance on AWS. You can assign a role to this instance that gives it permissions to read from and write to the ElasticSearch service. | ||
Then you just need to add the ``aws_region`` option to the configuration file. This will tell ElastAlert to sign the requests to ElasticSearch. | ||
Typically, you'll deploy ElastAlert on a running EC2 instance on AWS. You can assign a role to this instance that gives it permissions to read from and write to the Elasticsearch service. | ||
Then you just need to add the ``aws_region`` option to the configuration file. This will tell ElastAlert to sign the requests to Elasticsearch. | ||
|
||
Using boto profiles | ||
-------------------- | ||
You can also create a user with permissions on the ElasticSearch service and tell ElastAlert to authenticate itself using that user. | ||
You can also create a user with permissions on the Elasticsearch service and tell ElastAlert to authenticate itself using that user. | ||
First, create a boto profile in the machine where you'd like to run ElastAlert for the user with permissions. Then, just add two options to the configuration file: | ||
- ``aws_region``: that tells ElastAlert to sign the requests to ElasticSearch. It's the AWS region where you want to operate. | ||
- ``aws_region``: that tells ElastAlert to sign the requests to Elasticsearch. It's the AWS region where you want to operate. | ||
- ``boto_profile``: with the name of the boto profile to use to sign the requests. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.