[英]Access to AWS Elasticsearch from my VPN is not working when providing IP-based Access Policy
我在AWS中有一个Elasticsearch域。 我创建了一个基于IP的访问策略,并试图在此提供我的所有VPN CIDR块,以便我可以让该VPN中的所有计算机访问Elasticsearch和Kibana并在Elasticsearch域上运行一些curl命令。
我从ipconfig尝试了我的IP地址->不起作用
我尝试从Google(公共IP Adrees)访问我的IP地址-> Works
我尝试了我的VPN CIDR阻止=>不起作用
"Condition": {
"IpAddress": {
"aws:SourceIp": "x.x.x.x/16"
}
}
IP地址应为数组
"Condition": {
"IpAddress": {"aws:SourceIp": ["youip1/32"]}
}
而且我想知道您是否错过了政策中的资源
"Resource": "arn:aws:es:us-west-2:${data.aws_caller_identity.user.account_id}:domain/test/*",
这是您可以尝试的工作示例
# Creating ElasticSearch Domain with Policy
resource "aws_elasticsearch_domain" "test-domain" {
domain_name = "testes"
elasticsearch_version = "6.7"
cluster_config {
instance_type = "t2.small.elasticsearch"
instance_count = 2
}
ebs_options {
ebs_enabled = true
volume_size = 10
volume_type = "standard"
}
snapshot_options {
automated_snapshot_start_hour = 23
}
access_policies = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "es:*",
"Principal": "*",
"Effect": "Allow",
"Resource": "arn:aws:es:${var.region}:${data.aws_caller_identity.user.account_id}:domain/testes/*",
"Condition": {
"IpAddress": {"aws:SourceIp": ["VPN_public_IP/32", "1.2.3.4/32"]}
}
}
]
}
POLICY
tags = {
Domain = "testes-tag"
}
}
另外,请仔细检查VPN配置,它是否路由所有流量或特定流量,并在您从Google验证本地IP时验证VPN IP。 连接到VPN并检查您的IP在策略中添加该IP。
AWS Elasticsearch&VPC - 从我的固定IP配置网络访问
[英]AWS Elasticsearch & VPC - configuring network access from my fixed IP
向AWS Elasticsearch Service添加多个域访问策略(静态IP和Lambda ARN)
[英]Add multiple domain access policy to AWS Elasticsearch Service (Static IP and Lambda ARN)
AWS提供对其他帐户的假定角色的访问权限,以访问我帐户中的S3
[英]AWS Providing access to assumed role from another account to access S3 in my account
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.