[docs] Add APM to simplified security docs (#12456)

elastic · Jun 12, 2019 · 25441e6 · 25441e6
1 parent f6629a8
commit 25441e6
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 4 deletions.
diff --git a/libbeat/docs/command-reference.asciidoc b/libbeat/docs/command-reference.asciidoc
@@ -196,9 +196,11 @@ endif::no_dashboards[]
 Exports the index template to stdout. You can specify the `--es.version` and
 `--index` flags to further define what gets exported.
 
+ifndef::apm-server[]
 [[ilm-policy-subcommand]]
 *`ilm-policy`*::
 Exports ILM policy to stdout.
+endif::apm-server[]
 
 *FLAGS*
 

diff --git a/libbeat/docs/monitoring/monitoring-beats.asciidoc b/libbeat/docs/monitoring/monitoring-beats.asciidoc
@@ -40,7 +40,7 @@ the same {es} cluster, specify the following minimal configuration:
 --
 ["source","yml",subs="attributes"]
 --------------------
-xpack.monitoring:
+monitoring:
   enabled: true
   elasticsearch:
     username: {beat_monitoring_user}

diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc
@@ -1572,8 +1572,11 @@ endif::[]
 ++++
 
 ifdef::apm-server[]
-NOTE: This page refers to using a separate instance of APM Server with an existing Elasticsearch Service deployment.
-APM Server is not yet supported on Elasticsearch Service.
+NOTE: This page refers to using a separate instance of APM Server with an existing
+https://www.elastic.co/cloud/elasticsearch-service[Elasticsearch Service deployment].
+If you want to use APM on Elastic Cloud, see the cloud docs:
+{cloud}/ec-create-deployment.html[Create your deployment] or
+{cloud}/ec-manage-apm-settings.html[Add APM user settings].
 endif::apm-server[]
 
 {beatname_uc} comes with two settings that simplify the output configuration

diff --git a/libbeat/docs/security/basic-auth.asciidoc b/libbeat/docs/security/basic-auth.asciidoc
@@ -27,6 +27,7 @@ output.elasticsearch:
 <2> The example shows a hard-coded password, but you should store sensitive
 values in the <<keystore,secrets keystore>>.
 --
+ifndef::apm-server[]
 +
 If you've configured the {kib} endpoint, also specify credentials for
 authenticating with {kib}. For example:
@@ -39,6 +40,7 @@ setup.kibana:
   password: "{pwd}" 
 ----
 <1> Let's assume this user has the privileges required to set up dashboards.
+endif::apm-server[]
 
 * To use Public Key Infrastructure (PKI) certificates to authenticate users,
 configure the `certificate` and `key` settings. These settings assume that the

diff --git a/libbeat/docs/security/users.asciidoc b/libbeat/docs/security/users.asciidoc
@@ -62,6 +62,12 @@ ifeval::["{beatname_lc}"=="filebeat"]
 |`ingest_admin` role
 endif::[]
 
+ifdef::apm-server[]
+.2+|Set up ingest pipelines
+|`monitor` on cluster
+|`ingest_admin` role
+endif::apm-server[]
+
 .2+|Set up index lifecycle policies
 |`manage_ilm`, `manage_index_templates`, and `monitor` on cluster
 |`manage` on +{beat_default_index_prefix}-*+ indices
@@ -106,6 +112,7 @@ need to perform:
 |====
 |Task | Required privileges and roles
 
+ifndef::apm-server[]
 .3+|Send data to a secured cluster without index lifecycle management
 |`monitor` on cluster
 ifeval::["{beatname_lc}"=="filebeat"]
@@ -116,13 +123,28 @@ endif::[]
 unless you've disabled automatic template loading
 
 .2+|Send data to a secured cluster that supports index lifecycle management
-|`manage_index_templates`,`manage_ilm` footnote:[Use `read_ilm` instead of
+|`manage_index_templates`, `manage_ilm` footnote:[Use `read_ilm` instead of
 `manage_ilm` if you pre-loaded the lifecycle policy], and `monitor`
 on cluster
 ifeval::["{beatname_lc}"=="filebeat"]
 (and `manage_pipeline` if {beatname_uc} modules are used)
 endif::[]
 | `index` and `manage` on +{beat_default_index_prefix}-*+ indices
+endif::apm-server[]
+
+ifdef::apm-server[]
+.3+|Send data to a secured cluster without index lifecycle management
+|`monitor` on cluster
+|`create_index` and `write` on +{beat_default_index_prefix}-*+ indices
+|also requires privileges to <<privileges-to-setup-beats,set up index templates>>
+unless you've disabled automatic template loading: `setup.template.enabled=false`
+
+.3+|Send data to a secured cluster that supports index lifecycle management
+|`manage_ilm` and `monitor` on cluster
+| `index` and `manage` on +{beat_default_index_prefix}-*+ indices
+|also requires privileges to <<privileges-to-setup-beats,set up index templates>>
+unless you've disabled automatic template loading: `setup.template.enabled=false`
+endif::apm-server[]
 
 ifdef::has_central_config[]
 .2+|Read configurations from Beats central management
@@ -153,13 +175,20 @@ perform:
 |====
 |Task | Required privileges and roles
 
+ifndef::apm-server[]
 .2+|View {beatname_uc} dashboards
 |`read` on +{beat_default_index_prefix}-*+ indices
 |`kibana_dashboard_only_user` role
 
 .2+|View and edit {beatname_uc} dashboards
 |`read` on +{beat_default_index_prefix}-*+ indices
 |`kibana_user` role
+endif::apm-server[]
+
+ifdef::apm-server[]
+|Use the APM UI
+|`kibana_user` and `apm_user` roles
+endif::apm-server[]
 
 ifdef::has_central_config[]
 .2+|Create and manage configurations in Beats central management