AWS ElasticSearch Service-从CF模板设置加密选项 [英] AWS ElasticSearch Service - Set Encryption options from CF template

问题描述

我正在创建一个云形成模板，以在AWS中配置Elasticsearch服务域。

I am creating a cloud formation template to provision elasticsearch service domain in AWS.

我想将加密下的此属性设置为true
到域的所有流量都需要HTTPS，但我无法找到方法AWS文档这样做。

I would like to set this property under Encryption to true "Require HTTPS for all traffic to the domain" but I am not able to find the way in AWS docs to do so.

用于设置加密属性的其他选项，例如
启用静态数据加密& 节点到节点加密已被详细记录。

Other options for setting encryption properties like "Enable encryption of data at rest" & "Node-to-node encryption" are well documented.

有人知道如何从CF模板设置要求对域的所有流量都使用HTTPS属性吗？

Does anyone know how to set "Require HTTPS for all traffic to the domain" property from CF template ?

推荐答案

我这样做的方法是确保安全组仅允许HTTPS（443）访问群集。

The way I did this was to make sure the security group only allows HTTPS (443) access to the cluster.

不完全确定这是否是您要找的东西，如果不是，请给我更多详细信息，我会看看是否可以帮助您。

Not completely sure if this is what you are looking for, but if it's not, give me some more details and I will see if I can help you out.

  mySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VpcId
      GroupName: !Ref SecurityGroup
      GroupDescription: !Ref GroupDescription
      SecurityGroupIngress:
        - FromPort: '443'
          IpProtocol: tcp
          ToPort: '443'
          CidrIp: 0.0.0.0/0

这篇关于AWS ElasticSearch Service-从CF模板设置加密选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！