How do I limit document upload access to an IP while allowing search for a Principal in AWS Cloudsearch?
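Is there a way to limit document upload access to an IP while allowing search for a Principal in AWS Cloudsearch? All of the policy examples seem to allow one or the other.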
This should do it:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "search_only",
            "Effect": "Allow",
            "Action": ["cloudsearch:search"],
            "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]}
        },
        {
            "Sid": "upload_only",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["cloudsearch:document"],
            "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/32"}}
        }
    ]
}
This is based on the examples at http://docs.aws.amazon.com/cloudsearch/latest/developerguide/configuring-access.html#policy-examples
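To check that the two statements in the policy above act independently, here is a small offline evaluator. It is an added example, not part of the original answer and not AWS's evaluation engine. It assumes a simplified model (default deny, explicit Deny wins, only `IpAddress`/`aws:SourceIp` conditions, an account-root ARN matching any signed caller from that account), and the function names are hypothetical.

```python
import ipaddress
import json

# The access policy from the answer above, embedded so this runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "search_only", "Effect": "Allow", "Action": ["cloudsearch:search"],
   "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]}},
  {"Sid": "upload_only", "Effect": "Allow", "Principal": "*",
   "Action": ["cloudsearch:document"],
   "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/32"}}}
]}
""")

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def principal_matches(principal, account):
    """Assumption: an account-root ARN covers any signed caller from that account."""
    if principal == "*":
        return True
    return any(arn.split(":")[4] == account for arn in as_list(principal.get("AWS", [])))

def condition_matches(condition, source_ip):
    """Only IpAddress/aws:SourceIp is modelled; anything else fails closed."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        for key, cidrs in keys.items():
            if (operator, key) != ("IpAddress", "aws:SourceIp"):
                return False
            if not any(ip in ipaddress.ip_network(c) for c in as_list(cidrs)):
                return False
    return True

def is_allowed(policy, action, source_ip, account=None):
    """Default deny; an explicit Deny overrides any Allow. account=None is anonymous."""
    allowed = False
    for stmt in policy["Statement"]:
        if (action in as_list(stmt["Action"])
                and principal_matches(stmt["Principal"], account)
                and condition_matches(stmt.get("Condition", {}), source_ip)):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

if __name__ == "__main__":
    # Constructed callers: the named account from elsewhere, then an anonymous caller at the upload IP.
    for action in ("cloudsearch:search", "cloudsearch:document"):
        print(action, is_allowed(POLICY, action, "198.51.100.7", "111122223333"),
              is_allowed(POLICY, action, "192.0.2.0"))
```

Because `upload_only` uses `"Principal": "*"`, any caller at 192.0.2.0 can upload documents, anonymous or not, while the named account cannot upload from any other address.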