- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Update publicly accessible Amazon Elasticsearch domains to block unsigned requests.
Updating your Amazon Elasticsearch domain to a private domain ensures your data cannot be accessed or altered by unauthorized users.
If you are using OpenSearch Service Domains, refer to Amazon’s guide for creating and managing Amazon OpenSearch Service domains for both console and CLI remediation actions.
Follow the Configuring Access Policies docs to learn how to update your publicly accessible Amazon Elasticsearch domains in the AWS Console.
Create a new policy JSON document. You can follow the Amazon Elasticsearch templated policy to create a custom policy that grants domain access only to a specific IP.
ip-based-policy.json
{
...
"Statement": [
...
"Action": "es:*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"54.197.25.93/32"
]
}
},
"Resource": "arn:aws:es:123456789123:
domain/es-cluster/*"
}
]
}
Run update-elasticsearch-domain-config
using the name of the Elasticsearch domain created in the previous step.
ip-based-policy.json
aws es update-elasticsearch-domain-config
--domain-name es-cluster
--access-policies file://ip-based-policy.json