本文介绍了将AWS ElasticSearch访问权限限制为自动缩放组的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个AutoScaling组,该组必须有权访问AWS ElasticSearch Service,但是,正如您所知,在这种情况下,将IP地址用作访问策略将不起作用(IP每次都会更改).我想知道是否有一种方法可以使用IAM角色或安全组来限制对自动伸缩组的访问.如果可以,请给我一个例子吗?
I have an AutoScaling group who must have the access to the AWS ElasticSearch Service,But as you know, using IP address as access policies will not work in this case (The ip change every time).I wonder if there is a way to use IAM Roles or Security groups to limit the access to the auto scaling group.If there is can you give me an example?
提前谢谢
推荐答案
政策,例如:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/susan"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:123456789012:domain/mydomain/*"
}
]
}
用生成的策略中的用户ARN和域ARN替换为红色.
Replace the user ARN and domain ARN in red with those from the generated policy.
请参阅 AWS博客
这篇关于将AWS ElasticSearch访问权限限制为自动缩放组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!