Elastic Stack
This AMI features:
- Nginx 1.18
- Elasticsearch 8.6
- Logstash 8.6
- Kibana 8.6
- Beats
- Filebeat 8.6
- Metricbeat 8.6
Kibana
You can access the top page at https://xxx.xxx.xxx.xxx with a dummy certificate. Please wait 10 minutes after starting the instance until the initial configuration of elasticsearch and kibana is complete.

You can find the password from EC2 management console System Log.
- Go to Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- Chose your Instance and Click Actions → Instance Settings → Get System log

Get System log

You can also SSH into your instance and find the login credential using the following command.
$ cat /home/ubuntu/credentials
////////////////////credentials info////////////////////
--- kibana-setup
----- Success
--- elasticsearch
----- User : elastic
----- Password : EkocsTWTjA2Ye84FIhO7
////////////////////////////////////////////////////////
Welcome to Elastic

Start or stop Kibana
$ sudo systemctl start kibana
$ sudo systemctl stop kibana
Note
We installed certbot from snap packages, you can set up TLS/SSL certificates using Let’s Encrypt.
ex)
sudo certbot --nginx -d your-domain
Reference
Elasticsearch
Check Elasticsearch
$ sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
"name" : "ip-172-31-63-217",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "Au9U2UBCRMCgrjH6mxzVSQ",
"version" : {
"number" : "8.6.2",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "2d58d0f136141f03239816a4e360a8d17b6d8f29",
"build_date" : "2023-02-13T09:35:20.314882762Z",
"build_snapshot" : false,
"lucene_version" : "9.4.2",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
Reset Password for user ‘elastic’
$ sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -s -b
Start or stop Elasticsearch
$ sudo systemctl start elasticsearch
$ sudo systemctl stop elasticsearch
Reference
Logstash
Logstash is already pre-installed.
Start
$ sudo systemctl start logstash
Stop
$ sudo systemctl stop logstash
Automatically boot run
$ sudo systemctl enable logstash
Reference
Beats
Filebeat and Metricbeat are pre-installed, If you want to install other beats, please check out the page below.
Reference
Install, automatically boot run, start
sudo apt update && sudo apt install ${beatname}=8.6.2
sudo systemctl enable ${beatname}
sudo systemctl start ${beatname}
ex.) Install packetbeat
sudo apt update && sudo apt install packetbeat=8.6.2