Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.x](backport #4193) [apm] Update APM feature roles docs #4357

Merged
merged 1 commit into from
Oct 7, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions docs/en/apm-server/redirects.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -1114,35 +1114,35 @@ Refer to {observability-guide}/apm-secure-comms-stack.html[With the Elastic Stac

{move-notice}

Refer to {observability-guide}/apm-privileges-to-publish-events.html[Create a _writer_ user].
Refer to {observability-guide}/apm-feature-roles.html#apm-privileges-to-publish-events[Create a _writer_ user].

[role="exclude",id="privileges-to-publish-monitoring"]
=== Create a _monitoring_ user

{move-notice}

Refer to {observability-guide}/apm-privileges-to-publish-monitoring.html[Create a _monitoring_ user].
Refer to {observability-guide}/apm-feature-roles.html#apm-privileges-to-publish-monitoring[Create a _monitoring_ user].

[role="exclude",id="privileges-api-key"]
=== Create an _API key_ user

{move-notice}

Refer to {observability-guide}/apm-privileges-api-key.html[Create an _API key_ user].
Refer to {observability-guide}/apm-command-line-options.html#apm-apikey-command[`apikey` command].

[role="exclude",id="privileges-agent-central-config"]
=== Create a _central config_ user

{move-notice}

Refer to {observability-guide}/apm-privileges-agent-central-config.html[Create a _central config_ user].
Refer to {observability-guide}/apm-feature-roles.html#apm-privileges-agent-central-config[Create a _central config_ user].

[role="exclude",id="privileges-rum-source-map"]
=== Create a _source map_ user

{move-notice}

Refer to {observability-guide}/apm-privileges-rum-source-map.html[Create a _source map_ user].
Refer to {observability-guide}/apm-feature-roles.html#apm-privileges-rum-source-map[Create a _source map_ user].

[role="exclude",id="beats-api-keys"]
=== Grant access using API keys
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

:deploy-command-short-desc: Deploys the specified function to your serverless environment

:apikey-command-short-desc: Manage API Keys for communication between APM agents and server.
:apikey-command-short-desc: Manage API Keys for communication between APM agents and server

ifndef::serverless[]
:export-command-short-desc: Exports the configuration, index template, or {ilm-init} policy to stdout
Expand Down Expand Up @@ -57,7 +57,9 @@ more information, see https://www.elastic.co/subscriptions and
[options="header"]
|=======================
|Commands |
|<<apm-apikey-command,`apikey`>> |{apikey-command-short-desc}.
|<<apm-apikey-command,`apikey`>> a| {apikey-command-short-desc}.

deprecated::[8.6.0, Users should create API Keys through {kib} or the {es} REST API. See <<apm-api-key>>.]
|<<apm-export-command,`export`>> |{export-command-short-desc}.
|<<apm-help-command,`help`>> |{help-command-short-desc}.
ifndef::serverless[]
Expand Down Expand Up @@ -101,8 +103,31 @@ apm-server apikey SUBCOMMAND [FLAGS]
Create an API Key with the specified privilege(s). No required flags.
+
The user requesting to create an API Key needs to have APM privileges used by the APM Server.
A superuser, by default, has these privileges. For other users,
you can create them. See <<apm-privileges-api-key,create an API key user>> for required privileges.
A superuser, by default, has these privileges.
+
.*Expand for more information on assigning these privileges to other users*
[%collapsible]
====
To create an APM Server user with the required privileges for creating and managing API keys:

. Create an **API key role**, called something like `apm_api_key`,
that has the following `cluster` level privileges:
+
[options="header"]
|====
| Privilege | Purpose

|`manage_own_api_key`
|Allow APM Server to create, retrieve, and invalidate API keys
|====

. Depending on what the **API key role** will be used for,
also assign the appropriate `apm` application-level privileges:
+
* To **receive Agent configuration**, assign `config_agent:read`.
* To **ingest agent data**, assign `event:write`.
* To **upload source maps**, assign `sourcemap:write`.
====

*`info`*::
Query API Key(s). `--id` or `--name` required.
Expand Down
Loading