Skip to content

Instantly share code, notes, and snippets.

@logogin
Forked from pschipitsch/access_policy.template
Created April 18, 2017 15:25
Show Gist options
  • Save logogin/3cca0675de0eaf81b590eb878b5f16fd to your computer and use it in GitHub Desktop.
Save logogin/3cca0675de0eaf81b590eb878b5f16fd to your computer and use it in GitHub Desktop.
AWS Elasticsearch Service Access Policy Terraform Template
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"es:ESHttpGet",
"es:ESHttpHead",
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": "arn:aws:es:${region}:*:domain/${domain_name}/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [${logstash_ips}]
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"es:ESHttpGet",
"es:ESHttpHead"
],
"Resource": "arn:aws:es:${region}:*:domain/${domain_name}/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [${kibana_ips}]
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "es:ESHttpPost",
"Resource": "arn:aws:es:${region}:*:domain/${domain_name}/*/_msearch",
"Condition": {
"IpAddress": {
"aws:SourceIp": [${kibana_ips}]
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"es:ESHttpDelete",
"es:ESHttpGet",
"es:ESHttpHead",
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": "arn:aws:es:${region}:*:domain/${domain_name}/.kibana-4/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [${kibana_ips}]
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "es:ESHttpPost",
"Resource": "arn:aws:es:${region}:*:domain/${domain_name}/.kibana-4",
"Condition": {
"IpAddress": {
"aws:SourceIp": [${kibana_ips}]
}
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment