我们一直在使用AWS,特别是SimpleDB开展协作项目。最近,我们的SDB成本一直在上升,我们正试图找出正在发生的事情。有没有办法找出哪个IP地址连接到它?
编辑:如果我们无法找到哪些IP正在访问SDB以从中获取数据,那么至少可以确定我们的每个SDB域在查询域数方面的查询数量和/或从域中提取的数据总量?
答案 0 :(得分:0)
AWS IAM允许您使用AWS IAM AWS-Wide Policy Keys将条件置于用户的IP地址上。这是链接 - For Managing Users for Amazon SimpleDB using AWS IAM。
以下是仅在来自特定IP地址或范围时才允许请求的示例。 source
Allow requests only if they come from a certain IP address or range
This policy is for an IAM group that all users in a company belong to. The policy denies access to all actions in the account unless the request comes from the IP range 192.0.2.0 to 192.0.2.255 or 203.0.113.0 to 203.0.113.255. (The policy assumes the IP addresses for the company are within the specified ranges.) A typical use is for Amazon VPC, where you might expect all your users' requests to originate from a particular IP address, and so you want to deny requests from any other address.
{
"Version": "2012-10-17",
"Statement":[{
"Effect":"Deny",
"Action":"*",
"Resource":"*",
"Condition":{
"NotIpAddress":{
"aws:SourceIp":["192.0.2.0/24", "203.0.113.0/24"]
}
}
}
]
}