amazon web services - AWS IAM Policy - allow from IP Addresses AND allow Firehose


I'm trying to set up an ES instance that allows access from a couple of IP addresses, in addition to allowing the Kinesis Firehose IAM role to deliver data to the instance.

I'm having trouble combining the 2 policies though. Each one works on its own. With the IP address policy in place, I can view ES Kibana, but can't deliver data via Firehose. Likewise, with the Firehose policy, I can deliver data but not query ES.

Can anyone see the error in how I'm constructing the access policy?

Here's the policy on the ES instance:

```json
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::iiiiiiiiiiii:role/firehose_delivery_role"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:iiiiiiiiiiii:domain/es-test/*"
    },
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:us-west-2:iiiiiiiiiiii:domain/es-test/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "xxx.xxx.xx.xxx",
            "yyy.yy.y.yyy"
          ]
        }
      }
    }
  ]
}
```

  1. Add the following prior to the statement: "Version": "2012-10-17",
  2. For the source IPs, have you specified a subnet mask, /32 or /24? It's required per http://docs.aws.amazon.com/iam/latest/userguide/reference_policies_elements.html#conditions_ipaddress
  3. Add a unique "Sid" to the first statement; you have one in the 2nd statement. The documentation says it's optional, but I have a working policy close to yours except for these differences.
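As an added example (not code from the question or the answer above), here are the two statements from the question merged into one domain access policy with the answer's three changes applied, plus a small check that flags each of those problems when they are missing. The account id, role name and IP ranges are placeholders; the domain ARN follows the question's es-test domain in us-west-2.

```python
from copy import deepcopy
# Constructed example: account id, role name and IPs are placeholders; the domain ARN mirrors the question's.
ACCOUNT = "111111111111"
DOMAIN_ARN = f"arn:aws:es:us-west-2:{ACCOUNT}:domain/es-test/*"
FIREHOSE_ROLE = f"arn:aws:iam::{ACCOUNT}:role/firehose_delivery_role"

# Both statements from the question with the answer's three fixes: Version, unique Sid, CIDR masks.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowFirehoseDeliveryRole",
            "Effect": "Allow",
            "Principal": {"AWS": FIREHOSE_ROLE},
            "Action": "es:*",
            "Resource": DOMAIN_ARN,
        },
        {
            "Sid": "AllowKibanaFromKnownIps",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "es:*",
            "Resource": DOMAIN_ARN,
            "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.10/32", "198.51.100.0/24"]}},
        },
    ],
}

def lint_policy(policy):
    """Report the three problems the answer raised; an empty list means all clear."""
    findings = []
    statements = policy.get("Statement", [])
    if policy.get("Version") != "2012-10-17":
        findings.append("missing or outdated Version")
    sids = [s.get("Sid") for s in statements]
    if None in sids or len(set(sids)) != len(sids):
        findings.append("every statement needs a unique Sid")
    for stmt in statements:
        ips = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        for ip in ([ips] if isinstance(ips, str) else ips):
            if "/" not in ip:
                findings.append(f"aws:SourceIp {ip!r} has no CIDR mask")
    return findings

def flawed_variant():
    """The policy as posted: no Version, no Sid on the first statement, bare IPs."""
    flawed = deepcopy(POLICY)
    del flawed["Version"], flawed["Statement"][0]["Sid"]
    flawed["Statement"][1]["Condition"]["IpAddress"]["aws:SourceIp"] = ["203.0.113.10", "198.51.100.7"]
    return flawed
```

Running `lint_policy(flawed_variant())` reports all three findings, while `lint_policy(POLICY)` returns an empty list.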
