AWS ElasticSearch域创建权限 [英] AWS ElasticSearch domain creation permission
问题描述
我尝试向IAM帐户授予在AWS中创建ES域所需的权限,但是除AdministratorAccess之外,我找不到任何要附加的现有策略.是否有自定义策略或可以分配给IAM帐户的内容?我在网上搜索,但也找不到任何有用的信息.
Amazon ES支持三种类型的访问策略:
-
基于资源的策略
-
基于身份的策略
-
基于IP的策略
要获取有关如何创建自己的自定义策略的详细信息,您可以阅读以下官方文档:
您可以创建基于IP的限制,可以将Amazon ES终端节点访问权限限制为某些AWS账户或用户
{"Version":"2012-10-17",陈述": [{"Sid":",效果":允许",主要的": {"AWS":"*"},"Action":"es:*",状况": {IP地址": {"aws:SourceIp":["111.222.333.444/32"]}},资源":"arn:aws:es:us-west-2:123456789012:domain/mydomain/*"}] 要了解有关如何控制对Amazon Elasticsearch Service域的访问的更多信息,请 解决方案
Amazon ES supports three types of access policies:
Resource-based Policies
Identity-based Policies
IP-based Policies
To get detailed information, about how to create your own custom policies you can go through these official documentation :
Identity and Access Management in Amazon Elasticsearch Service
Fine-Grained Access Control in Amazon Elasticsearch Service
To configure access policies, you also get some templates, modifying which you can create your own policies.
You can create IP-based restrictions, you can restrict Amazon ES endpoint access to certain AWS accounts or users
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"111.222.333.444/32"
]
}
},
"Resource": "arn:aws:es:us-west-2:123456789012:domain/mydomain/*"
}
]
To know more about How to Control Access to Your Amazon Elasticsearch Service Domain this
这篇关于AWS ElasticSearch域创建权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
