限制 AWS ElasticSearch 对 Auto Scaling 组的访问
Restrict the AWS ElasticSearch access to an auto scaling group
我有一个必须有权访问 AWS ElasticSearch 服务的 AutoScaling 组,
但是如您所知,在这种情况下使用 IP 地址作为访问策略是行不通的(IP 每次都更改)。
我想知道是否有办法使用 IAM 角色或安全组来限制对自动缩放组的访问。
如果有可以举个例子吗?
提前致谢
You specify which IAM users or roles should have access to your
domain. All requests to the domain must be signed with AWS Signature
Version 4 signing. When a request reaches the domain, it is forwarded
to IAM for signature verification and access control.
政策如:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/susan"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:123456789012:domain/mydomain/*"
}
]
}
用生成的策略替换红色的用户 ARN 和域 ARN。
参考AWS Blog
我有一个必须有权访问 AWS ElasticSearch 服务的 AutoScaling 组, 但是如您所知,在这种情况下使用 IP 地址作为访问策略是行不通的(IP 每次都更改)。 我想知道是否有办法使用 IAM 角色或安全组来限制对自动缩放组的访问。 如果有可以举个例子吗?
提前致谢
You specify which IAM users or roles should have access to your domain. All requests to the domain must be signed with AWS Signature Version 4 signing. When a request reaches the domain, it is forwarded to IAM for signature verification and access control.
政策如:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/susan"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:123456789012:domain/mydomain/*"
}
]
}
用生成的策略替换红色的用户 ARN 和域 ARN。
参考AWS Blog