Skip to content
Snippets Groups Projects
Commit b53064cc authored by MIchael Nguyen's avatar MIchael Nguyen
Browse files

updating

parent ce07f4a1
No related branches found
No related tags found
1 merge request!6Trusted ibm
Hide whitespace changes
Inline Side-by-side
provider/indexer-aws/CloudFormation/Automated/elasticsearch.yml
+ 23
16
View file @ b53064cc
......@@ -184,22 +184,29 @@ Resources:
SnapshotOptions:
AutomatedSnapshotStartHour: "0"
AccessPolicies:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:root
- Fn::ImportValue:
!Sub "${Environment}-IndexerServiceIamUserArn"
# TODO: need to create cognito user and identity pool and link it to principal for dynamic creation
- "arn:aws:iam::888733619319:role/Cognito_osduelasticsearchAuth_Role"
Action:
- "es:*"
- 'cognito-identity:*'
- 'cognito-idp:*'
- 'sts:AssumeRole'
Resource: !Sub arn:aws:es:us-east-1:846973539254:domain/${Environment}-${ElasticsearchDomainName}/*
- Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:root
- Fn::ImportValue:
!Sub "${Environment}-IndexerServiceIamUserArn"
# TODO: need to create cognito user and identity pool and link it to principal for dynamic creation
- "arn:aws:iam::888733619319:role/Cognito_osduelasticsearchAuth_Role"
Action:
- "es:*"
- 'es:ESHttp*'
- 'cognito-identity:*'
- 'cognito-idp:*'
- 'sts:AssumeRole'
Resource: !Sub arn:aws:es:us-east-1:846973539254:domain/${Environment}-${ElasticsearchDomainName}/*
- "Version": "2012-10-17"
"Statement":
- "Effect": "Allow"
"Action":
- "iam:PassRole"
"Resource": "arn:aws:iam::888733619319:role/service-role/CognitoAccessForAmazonES"
AdvancedOptions:
rest.action.multi.allow_explicit_index: "true"
Tags:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment