Documentation

Security Access Control

The Security plugin is enabled for all Instaclustr managed OpenSearch clusters. It gives richer access control as well as TLS for both transport and rest ports. The following documentation provides a few example API calls.

Create User:

The following cURL command shows you how to create a user with username my_user and password my_password. Make sure to add your OpenSearch cluster password and the cluster endpoint address to the example. For details on how to find this information, please refer to our support documentation page on Connecting to an OpenSearch Cluster.

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/internalusers/my_user -H 'Content-Type: application/json' -d' 
{ 
    "password": "my_password", 
    "backend_roles": [], 
    "attributes": {} 
}'

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/internalusers/my_user -H 'Content-Type: application/json' -d'

{

"password": "my_password",

"backend_roles": [],

"attributes": {}

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/internalusers/my_user -H 'Content-Type: application/json' -d' 
{ 
    "password": "my_new_password" 
}'

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/internalusers/my_user -H 'Content-Type: application/json' -d'

{

"password": "my_new_password"

Create Role:

The following cURL command shows you how to add a new role named my_role. You can specify what index the role has access to with index_permissions.index_patterns and what action is allowed with index_permissions.allowed_actions.

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/roles/my_role -H 'Content-Type: application/json' -d'
{
  "cluster_permissions": [
    "cluster_composite_ops",
    "indices_monitor"
  ],
  "index_permissions": [{
    "index_patterns": [
      "*"
    ],
    "dls": "",
    "fls": [],
    "masked_fields": [],
    "allowed_actions": [
      "read"
    ]
  }]
}'

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/roles/my_role -H 'Content-Type: application/json' -d'

{

"cluster_permissions": [

"cluster_composite_ops",

"indices_monitor"

"index_permissions": [{

"index_patterns": [

"*"

"dls": "",

"fls": [],

"masked_fields": [],

"allowed_actions": [

"read"

]

}]

Create Role Mapping:

The following cURL command shows you how to map the role my_role we created above to the user we created in the previous example.

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/rolesmapping/my_role -H 'Content-Type: application/json' -d' 
{ 
    "users" : [ "my_user" ] 
}'

curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/rolesmapping/my_role -H 'Content-Type: application/json' -d'

{

"users" : [ "my_user" ]

By Instaclustr Support

Previous Article OpenSearch Connecting to a Cluster Next Article Connecting to OpenSearch Using cURL

Need Support?

Learn More

Experiencing difficulties on the website or console?

Status page for known incidents

Already have an account?

Need help with your cluster?

Contact Support

Why sign up?

To experience the ease of creating and managing clusters via the Instaclustr Console

Spin up a cluster in minutes

Free Trial