The Access Control page lets you manage network access, rules and credentials for your Elasticsearch account. The page has three components, API Keys, Network Sources and Access Rules which we will explain in more detail below.
API Keys
API Keys are login credentials for Elasticsearch and are supplied as the username component in HTTP Basic authentication. Multiple API Keys can be created and they can be individually configured with access rules. Multiple API keys lets you hand out different ones to different parts of your team, have separate API keys for each of your environments, and replace them if they ever become compromised. When you create an account, your first API Key is called "Default".
Access Rules
Access rules are like rules in a firewall and allows you to white-list certain requests for an API Key and therefore block any requests that you have not explicitly granted. Access rules can apply to IP / Subnet, HTTP Method and Elasticsearch Action — where an action could for example be "Create Index" or "Bulk". Your "Default" API Key is set up with access rules accepting any request out of the box. If you were to delete all access rules for a key, you would effectively disable it.
Network Sources
A network source is a representation of an IP address or range of IP addresses (subnet) expressed in CIDR notation. They can be used in conjunction with Access Rules to restrict them to an IP range / Subnet — for example computers in your office.
Access without Authentication
In some cases applications you are using with Elasticsearch might not come ready with support for HTTP Authentication. For such a case we have the "Anonymous" API Key which represents non-authenticated requests to Elasticsearch. As with any API Key, the Anonymous API Key can have access rules configured to grant/deny access to parts of Elasticsearch.
This also comes in handy for users of Kibana who don't want to enter their API Key as authentication. Instead access can be controlled by IP so Kibana data can only be accessed from the office.
Demonstration
We have a short video that demonstrates the interface and how the different components can be used together.