AWS Elasticsearch Service (IAM)

aws analytics

Amazon Elasticsearch Service (Amazon ES) makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS cloud.

Common permissions

es:DescribeDomaines:DescribeDomainses:ListDomainNameses:ListTagses:GetIndexes:CreateIndexes:UpdateIndexes:DeleteIndex

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "es:DescribeDomain",
        "es:DescribeDomains",
        "es:ListDomainNames",
        "es:ListTags",
        "es:GetIndex",
        "es:CreateIndex",
        "es:UpdateIndex",
        "es:DeleteIndex"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid es:* — grants full control including domain deletion and configuration changes.
Avoid es:DeleteDomain — can permanently remove an Elasticsearch domain and all its data.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/es/es.json ↗

API

full doc /v1/iam/es