This document outlines the connection details, setup commands, and credentials generated for the Elasticsearch and Kibana environment.
- Elasticsearch URL:
https://<IP>:9200 - Kibana URL:
http://<IP>:5601 - SSH Access:
ssh -i CRM112-Assignment2.pem ec2-user@<IP>
After deploying the infrastructure via Terraform, the following steps were executed inside the server to secure the environment and link Kibana to Elasticsearch.
We generated a new password for the default admin user.
Command:
sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic
Output:
Password for the [elastic] user successfully reset. New value:
<password>
This token is required to link the Kibana dashboard to the Elasticsearch database securely.
Command:
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
Generated Token:
<long-enrollment-token-string>
To ensure saved objects, reports, and sessions are encrypted, we generated new 32-character keys.
Command:
cd /usr/share/kibana
sudo bin/kibana-encryption-keys generate
Generated Keys:
Add these lines to /etc/kibana/kibana.yml to persist configuration:
xpack.encryptedSavedObjects.encryptionKey: <32-character-encryption-key>
xpack.reporting.encryptionKey: <32-character-encryption-key>
xpack.security.encryptionKey: <32-character-encryption-key>
- Open Kibana: Navigate to
http://<IP>:5601. - Paste Enrollment Token: Use the long token string generated in Step B.
- Get Verification Code: If prompted for a 6-digit code, run:
sudo /usr/share/kibana/bin/kibana-verification-code
- Login:
- Username:
elastic - Password:
<password>
If the kibana-verification-code command fails or Kibana restarts, ensure the encryption keys from Step C have been added to the configuration file (/etc/kibana/kibana.yml) and the service restarted:
sudo systemctl restart kibana