我无法访问具有以下访问策略的AWS ES集群,我的IP是列出的IP之一,如果缺少什么,请告知。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:eu-west-1:OUR_ACCOUNT_ID:domain/xxxx-xxxxx-poc/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"52.000.000.07",
"54.00.000.000"
]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::OUR_ACCOUNT_ID:role/xxxxx-prod-eb-role",
"arn:aws:iam::OUR_ACCOUNT_ID:role/xxxx-staging-eb-role"
]
},
"Action": "es:*",
"Resource": "arn:aws:es:eu-west-1:OUR_ACCOUNT_ID:domain/xxxx-xxxxx-poc/*"
}
]
}
我做了更多的挖掘,我相信这就是你想要的:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::OUR_ACCOUNT_ID:role/xxxxx-prod-eb-role",
"arn:aws:iam::OUR_ACCOUNT_ID:role/xxxx-staging-eb-role"
]
},
"Action": "es:*",
"Resource": "arn:aws:es:eu-west-1:OUR_ACCOUNT_ID:domain/xxxx-xxxxx-poc/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"52.000.000.07",
"54.00.000.000"
]
}
}
}
]
}
在我的回购wiki页面中有更多详细信息