I have an Elasticsearch IP-based access policy. I know I can deny based on resources and actions (GET, POST, DELETE, etc.). POST, however, is a specific beast and can be used to both query and alter data. How do I allow queries to occur and yet prevent alteration of data? Here is an example IP-based access policy that I am expanding on. Certain applications will need POST to function. Analysts, however, should only be able to query the data, so GET, and POST for queries, but I don't want them to be able to alter the data in any manner (no DELETE, PUT, or POST that will alter data).

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "es:ESHttpGET"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "192.0.2.0/24"
          ]
        }
      },
      "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "es:ESHttpGET"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "192.0.2.0/24"
          ]
        }
      },
      "Resource": "arn:aws:es:region:aws-account-id:domain/domain-name/test-index/_search"
    }
  ]
}
Jennifer Crosby
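One way to express the split the question asks for, added here as an illustrative policy rather than an answer from the thread: analysts keep es:ESHttpGet on the whole domain but get es:ESHttpPost only on the read-only `_search` path, while application hosts (assumed to sit in the constructed range 198.51.100.0/24) get the full verb set. The analyst range and domain ARN are the ones from the question.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AnalystsReadAnyPath",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "es:ESHttpGet",
      "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*",
      "Condition": { "IpAddress": { "aws:SourceIp": "192.0.2.0/24" } }
    },
    {
      "Sid": "AnalystsPostOnlyToSearch",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "es:ESHttpPost",
      "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/test-index/_search",
      "Condition": { "IpAddress": { "aws:SourceIp": "192.0.2.0/24" } }
    },
    {
      "Sid": "ApplicationsFullAccess",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": [
        "es:ESHttpGet",
        "es:ESHttpPost",
        "es:ESHttpPut",
        "es:ESHttpDelete"
      ],
      "Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/*",
      "Condition": { "IpAddress": { "aws:SourceIp": "198.51.100.0/24" } }
    }
  ]
}
```

Anything no statement allows is implicitly denied, so from the analyst range a POST to `_bulk`, `_update_by_query`, `_delete_by_query` or a document path falls through, and PUT and DELETE are never granted; if the two CIDRs could ever overlap, an explicit Deny for es:ESHttpPut and es:ESHttpDelete conditioned on the analyst range is a cheap extra guard.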

0 Answers