We include a dedicated instance of Kibana automatically configured to connect to your Elasticsearch cluster. Kibana allows you to build rich visualizations of your Elasticsearch data using charts and graphs.
All clusters run on dedicated, single-tenant containers to provide isolation at the process and filesystem level. In addition, we completely isolate the network of each instance from other instances on the service.
SSL/TLS is enabled on all Elastic search clusters and we provide https connection strings for:
- ElasticSearch REST API
ACLs / IP Whitelisting¶
All access to Elasticsearch clusters is gated by Access Control Lists (ACLs), so only the IPs or IP ranges specified will have access to the cluster. We allow separate ACLs for the Elasticsearch REST API, Cerebro, and Kibana.
ObjectRocket for Elasticsearch clusters also require user authentication for all communications. We allow three different user roles on the platform:
- Admin: Full read/write access to Elasticsearch and Kibana
- Read only: Read-only access to Elasticsearch
- Kibana: Similar to read only, but with added permissions to modify Kibana dashboards
Encryption at rest¶
Encryption at rest is enabled by default on all instances. This means:
- Storage volumes on the cluster are encrypted on disk, using volume-level encryption
- ObjectRocket manages your encryption keys, so you don’t have to
- All backups/snapshots of that cluster are encrypted as well
By default, we install a number of Elasticsearch plugins on all ObjectRocket for Elasticsearch clusters that mainly belong to the list of “Core” plugins supported by Elastic:
- Analysis plugins:
- Ingest plugins:
- Mapper plugins:
- Snapshot Repository plugins:
We can support additional plugins on a case by case basis. Contact email@example.com if you would like different plugins installed.