[英]AWS access policy to allow access from an IP address or an IAM user
I am using AWS Elasticsearch and I need to setup an access policy to allow access from fixed IP to access the Kibana
and the web interface. 我正在使用AWS Elasticsearch,并且需要设置访问策略以允许从固定IP访问以访问
Kibana
和Web界面。 I also want to allow a specific user access key to be able to access it from any IP, as the records will be inserted from our servers. 我还希望允许特定的用户访问密钥能够从任何IP访问它,因为将从我们的服务器中插入记录。
So it boils down to create a policy where I need an or
relation between IP
and ARN
. 所以它归结为创建一个策略,我需要一个
or
关系IP
和ARN
。
Here is how my IP policy looks like: 这是我的IP政策的样子:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxx:domain/xxxx-xxxx-xxx/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "xxx.xx.xx.173"
}
}
}
]
}
and here is how my ARN policy looks like: 这是我的ARN政策的样子:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::xxxxxxxxx:user/xxxx"
]
},
"Action": [
"es:*"
],
"Resource": "arn:aws:es:us-west-2:xxxxxxxxx:domain/xxxxxxxxxxxxxxxx/*"
}
]
}
How can I get an or relation between them? 如何获得它们之间的关系?
If I'm understanding your question properly you should be able to achieve what you want by adding the two statement objects into the statement
array like: 如果我正确理解了您的问题,则应该通过将两个语句对象添加到
statement
数组中来实现所需的功能,例如:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-west-2:xxxxxx:domain/xxxx-xxxx-xxx/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "xxx.xx.xx.173"
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::xxxxxxxxx:user/xxxx"
]
},
"Action": [
"es:*"
],
"Resource": "arn:aws:es:us-west-2:xxxxxxxxx:domain/xxxxxxxxxxxxxxxx/*"
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.