It's currently:
"RolePolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "elasticsearch",
"PolicyDocument": {
"Statement": [ {
"Effect": "Allow",
"Action": "*",
"Resource": "*"
} ]
},
"Roles": [ { "Ref": "ElasticsearchRole" } ]
}
},
this will give the elasticsearch instances full access to the AWS account. The statement could be further restricted:
"Statement": [
{
"Effect": "Allow",
"Action": "EC2:Describe*",
"Resource": "*"
}
]
It's currently:
this will give the elasticsearch instances full access to the AWS account. The statement could be further restricted: