How to access Kibana from Amazon elasticsearch service?

前端未结

关注

 5  1492

情深已故 2020-12-13 08:38

I created Amazon elasticsearch service and populated data into it using logstash, which has been installed on an EC2 instance. On the Amazon elasticservice console page, the

5条回答

南笙 (楼主)

2020-12-13 09:16

You can setup an Access Policy with both IAM and IP-address based access. See my answer here. In short:

EC2 instance needs a profile with the arn:aws:iam::aws:policy/AmazonESFullAccess policy
Policy should include two statements: first list IAM access, second list IP access.

Here's an example policy (statement order is important!)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:xxxxxxxxxxxx:domain/my-elasticsearch-domain/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "192.168.1.0",
            "192.168.1.1"
          ]
        }
      }
    }
  ]
}

0 讨论(0)

查看其它5个回答