Proper access policy for Amazon Elastic Search Cluster

梦毁少年i 2020-11-29 18:13

I've recently started using the new Amazon Elasticsearch Service and I can't seem to figure out the access policy I need so that I can only access the services from my EC2

7 answers
  •  失恋的感觉
    2020-11-29 18:26

    You just need to put the full user name in the Elasticsearch policy.

    In this case, you can get your full user name from the error message itself. In my case: "arn:aws:sts::[ACCOUNT_ID]:assumed-role/[LAMBDA_POLICY_NAME]/[LAMBDA_NAME]"

        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": [
                  "arn:aws:sts::xxxxxxxxxxxx:assumed-role/[lambda-role]/[full-lambda-name]"
                ]
              },
              "Action": "es:*",
              "Resource": "arn:aws:es:[region]:xxxxxxxxxxxxx:domain/[elasticsearch-domain-name]/*"
            }
          ]
        }
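
The following is an added example, not part of the answer above and not AWS code: it turns a caller ARN of the shape shown in the answer into a domain access policy, either pinned to that exact session or widened to every session of the role, and it narrows `es:*` to HTTP-method actions. The function names, the sample ARN, region and domain name are constructed; it assumes the role has no IAM path and that the domain lives in the caller's account.

```python
import json
import re

# arn:aws:sts::<account>:assumed-role/<role-name>/<session-name>
ASSUMED_ROLE = re.compile(
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/"
    r"(?P<role>[\w+=,.@-]+)/(?P<session>[\w+=,.@-]+)$"
)

# HTTP-method actions for calls to the domain endpoint, used instead of es:*.
READ_WRITE = ("es:ESHttpGet", "es:ESHttpHead", "es:ESHttpPost", "es:ESHttpPut")


def _parse(caller_arn):
    m = ASSUMED_ROLE.match(caller_arn)
    if not m:
        # Rejects "*", IAM user ARNs and malformed input before a policy is built.
        raise ValueError("not an STS assumed-role ARN: %r" % (caller_arn,))
    return m


def role_arn_for(caller_arn):
    """Map a session ARN to its IAM role ARN (assumes the role has no path)."""
    m = _parse(caller_arn)
    return "arn:aws:iam::%s:role/%s" % (m["account"], m["role"])


def domain_policy(caller_arn, region, domain, pin_session=True, actions=READ_WRITE):
    """Allow one caller on one domain (assumed to be in the caller's account).

    pin_session=True keeps the exact session ARN, as the answer does;
    False allows every session of the role, e.g. any instance with that profile.
    """
    m = _parse(caller_arn)
    principal = caller_arn if pin_session else role_arn_for(caller_arn)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": [principal]},
            "Action": list(actions),
            "Resource": "arn:aws:es:%s:%s:domain/%s/*" % (region, m["account"], domain),
        }],
    }


if __name__ == "__main__":
    # Constructed sample: an EC2 instance-profile session (session name = instance id).
    arn = "arn:aws:sts::123456789012:assumed-role/search-client-role/i-0abc1234def567890"
    print(json.dumps(domain_policy(arn, "us-east-1", "example-domain"), indent=2))
```

A session-pinned principal stops matching when the session name changes (a replaced instance, a renamed function), so the role ARN form is the one that survives redeployments.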
    
