AWS ELK with Beats on Ubuntu 22.04

Elastic Stack

This AMI features:

  • Nginx 1.18
  • Elasticsearch 8.6
  • Logstash 8.6
  • Kibana 8.6
  • Beats
    • Filebeat 8.6
    • Metricbeat 8.6


You can access the top page at with a dummy certificate. After starting the instance, please wait 10 minutes for the initial configuration of Elasticsearch and Kibana to complete.

You can find the password in the System Log in the EC2 management console.

  1. Go to Amazon EC2 console at
  2. Choose your instance and click Actions → Instance Settings → Get System log


You can also SSH into your instance and find the login credentials using the following command.

$ cat /home/ubuntu/credentials 
////////////////////credentials info////////////////////
--- kibana-setup
----- Success
--- elasticsearch
----- User     : elastic
----- Password : EkocsTWTjA2Ye84FIhO7


Start or stop Kibana

$ sudo systemctl start kibana
$ sudo systemctl stop kibana


Certbot is installed from snap packages, so you can set up TLS/SSL certificates using Let’s Encrypt.


sudo certbot --nginx -d your-domain



Check Elasticsearch

$ sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200 
Enter host password for user 'elastic':
{
  "name" : "ip-172-31-63-217",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "Au9U2UBCRMCgrjH6mxzVSQ",
  "version" : {
    "number" : "8.6.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "2d58d0f136141f03239816a4e360a8d17b6d8f29",
    "build_date" : "2023-02-13T09:35:20.314882762Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.2",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
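
For a scripted version of the check above, the password can be read from the credentials file and handed to curl as a config on stdin, so it never appears in the process list or shell history. This is an added example, not part of the AMI's own tooling; the function names are hypothetical and the file layout is assumed to match the sample output shown earlier.

```sh
# Added example (POSIX sh). Function names are hypothetical; the credentials
# layout is assumed to match the sample "cat /home/ubuntu/credentials" output.

# es_cred FILE KEY: print the value of "----- KEY : value" found inside the
# "--- elasticsearch" section. Splits on the first ":" only, so a password
# that itself contains ":" is returned intact.
es_cred() {
  awk -v key="$2" '
    /^--- / { section = $2; next }             # "--- <name>" opens a section
    /^----- / && section == "elasticsearch" {
      line = substr($0, 7)                     # drop the "----- " prefix
      i = index(line, ":")
      if (i == 0) next                         # status line, no key/value
      k = substr(line, 1, i - 1); v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# cred_file_is_private FILE: succeed only if group and others have no
# permission bits on the file (characters 5-10 of the ls mode string).
cred_file_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# es_curl_config FILE: emit a curl config (for "curl -K -") with the user,
# password and the CA path used on this page. Backslashes and double quotes
# in the password are escaped as curl's quoted config strings require.
es_curl_config() (
  user=$(es_cred "$1" User)
  pass=$(es_cred "$1" Password | sed 's/[\\"]/\\&/g')
  [ -n "$user" ] && [ -n "$pass" ] || exit 1
  printf 'user = "%s:%s"\n' "$user" "$pass"
  printf 'cacert = "%s"\n' "/etc/elasticsearch/certs/http_ca.crt"
)

# Usage on the instance:
#   cred_file_is_private /home/ubuntu/credentials || echo "tighten file mode" >&2
#   es_curl_config /home/ubuntu/credentials | sudo curl -sS -K - https://localhost:9200
```

After resetting the password for `elastic`, the credentials file no longer matches unless you update it yourself.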

Reset Password for user ‘elastic’

$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -s -b

Start or stop Elasticsearch

$ sudo systemctl start elasticsearch
$ sudo systemctl stop elasticsearch



Logstash is pre-installed.

Start or stop Logstash

$ sudo systemctl start logstash
$ sudo systemctl stop logstash

Start automatically at boot

$ sudo systemctl enable logstash


Filebeat and Metricbeat are pre-installed. If you want to install other Beats, please check out the page below.


Install, enable at boot, and start

sudo apt update && sudo apt install ${beatname}=8.6.2
sudo systemctl enable ${beatname}
sudo systemctl start ${beatname}

Example: install Packetbeat

sudo apt update && sudo apt install packetbeat=8.6.2