如何保护从移动应用程序对AWS Elasticsearch的访问 [英] How to secure access to AWS Elasticsearch from a mobile application
问题描述
我正在构建一个需要访问AWS Elasticsearch(ES)集群的移动应用程序,并希望确保只有该应用程序才能进行查询。
I'm building a mobile app that requires access to an AWS Elasticsearch (ES) cluster and would like to make sure only the app can make queries.
假设我不会在移动应用程序中分发AWS用户凭证,这是允许对AWS Elasticsearch集群进行读取访问的安全方法吗?
Assuming I'm not going to distribute AWS user credentials with my mobile application, what would be a secure way to allow read access to an AWS Elasticsearch cluster?
读取此AWS帖子我收集到我可以设置反向代理以将我的请求签名到Elasticsearch。如果遵循此路由,如何确保对代理正在侦听的EC2实例端口的访问权限?
Reading this AWS post I gathered that I can setup a reverse proxy to sign my requests to Elasticsearch. If I follow this route, how would I secure access to the EC2 instance port where the proxy is listening to?
推荐答案
对于移动应用程序,您要设置的是Web Identity Federation。这将为用户提供临时凭据,以访问您的移动应用程序所需的AWS资源。
For mobile applications what you want to set up is Web Identity Federation. This is will give users temporary credentials to access aws resources needed for your mobile application.
http ://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html
设置
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
Amazon关于带有移动应用程序的Web Identity Federation上的文章
Article from Amazon on Web Identity Federation with Mobile Applications
https://aws.amazon.com/articles/4617974389850313
这篇关于如何保护从移动应用程序对AWS Elasticsearch的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!