允许从IP地址或IAM用户进行访问的AWS访问策略
[英]AWS access policy to allow access from an IP address or an IAM user
问题描述
I am using AWS Elasticsearch and I need to setup an access policy to allow access from fixed IP to access the Kibana and the web interface. 
我正在使用AWS Elasticsearch,并且需要设置访问策略以允许从固定IP访问以访问Kibana和Web界面。 I also want to allow a specific user access key to be able to access it from any IP, as the records will be inserted from our servers. 我还希望允许特定的用户访问密钥能够从任何IP访问它,因为将从我们的服务器中插入记录。
So it boils down to create a policy where I need an or relation between IP and ARN . 所以它归结为创建一个策略,我需要一个or关系IP和ARN 。
Here is how my IP policy looks like: 这是我的IP政策的样子:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxx:domain/xxxx-xxxx-xxx/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "xxx.xx.xx.173"
}
}
}
]
}
and here is how my ARN policy looks like: 这是我的ARN政策的样子:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::xxxxxxxxx:user/xxxx"
]
},
"Action": [
"es:*"
],
"Resource": "arn:aws:es:us-west-2:xxxxxxxxx:domain/xxxxxxxxxxxxxxxx/*"
}
]
}
How can I get an or relation between them? 如何获得它们之间的关系?
1 个解决方案
解决方案1
1 2017-08-28 11:42:22
If I'm understanding your question properly you should be able to achieve what you want by adding the two statement objects into the statement array like: 如果我正确理解了您的问题,则应该通过将两个语句对象添加到statement数组中来实现所需的功能,例如:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxx:domain/xxxx-xxxx-xxx/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "xxx.xx.xx.173"
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::xxxxxxxxx:user/xxxx"
]
},
"Action": [
"es:*"
],
"Resource": "arn:aws:es:us-west-2:xxxxxxxxx:domain/xxxxxxxxxxxxxxxx/*"
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.