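Is there any way to restrict document upload access to an IP while allowing search for a Principal in AWS CloudSearch? All the policy examples seem to allow one or the other.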
Answer 0: (score: 1)
This should do it:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "search_only",
          "Effect": "Allow",
          "Action": ["cloudsearch:search"],
          "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]}
        },
        {
          "Sid": "upload_only",
          "Effect": "Allow",
          "Principal": "*",
          "Action": ["cloudsearch:document"],
          "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/32"}}
        }
      ]
    }
This is based on the examples at http://docs.aws.amazon.com/cloudsearch/latest/developerguide/configuring-access.html#policy-examples