更新时间:2023-02-19 08:20:02
您可以使用基于 IAM 和 IP 地址的访问来设置访问策略.在此处查看我的答案.简而言之:
You can setup an Access Policy with both IAM and IP-address based access. See my answer here. In short:
arn:aws:iam::aws:policy/AmazonESFullAccess
策略的配置文件这是一个示例策略(语句顺序很重要!)
Here's an example policy (statement order is important!)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.168.1.0",
"192.168.1.1"
]
}
}
}
]
}