我将以下IP访问限制添加到我的AWS Elasticsearch访问策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:000000000000:domain/tst/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"XX.XX.XX.XX"
]
}
}
}
]
}
我有一个lambda功能,并且动式消防室读写Elasticsearch索引。如何将Lambda和Kenesis Firehouse的许可添加到我的Elasticsearch访问政策中?
最后我解决了如下:
-
将以下策略添加到AWS Elasticsearch:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<account-id>:user/admin" }, "Action": "es: *", "Resource": "example-domain.us-east-1.es.amazonaws.com:<account-id>:domain/ *" }, { "Effect": "Allow", "Principal": { "AWS": " * " }, "Action": "es:*", "Resource": "example-domain.us-east-1.es.amazonaws.com:<account-id>:domain/ *", "Condition": { "IpAddress": { "aws:SourceIp": "<my-ip>" } } } ] }
-
使用安全凭据以下策略添加IAM用户:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "elasticsearchFullAccess", "Effect": "Allow", "Action": [ "es: *" ], "Resource": [ "arn:aws:es:us-east-1:<account-id>:domain/ *" ] } ] }
-
使用此请求的标志请求。
我解决了这个问题