您可以使用基于 IAM 和 IP 地址的访问来设置访问策略.在此处查看我的答案.简而言之:

You can setup an Access Policy with both IAM and IP-address based access. See my answer here. In short:

• EC2 实例需要具有 arn:aws:iam::aws:policy/AmazonESFullAccess 策略的配置文件
• 策略应包括两个声明:第一个列出 IAM 访问权限，第二个列出 IP 访问权限.

这是一个示例策略(语句顺序很重要！)

Here's an example policy (statement order is important!)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "192.168.1.0",
            "192.168.1.1"
          ]
        }
      }
    }
  ]
}