AWS ES Access Settings Example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:ap-southeast-2:389920326251:domain/sharedservices/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "10.130.100.206/32",
            "54.66.242.28/32"
          ]
        }
      }
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "AIDAIMZ4NDQ4XT3DZRZQC",
          "arn:aws:iam::389920326251:user/scotts"
        ]
      },
      "Action": "*",
      "Resource": "arn:aws:es:ap-southeast-2:389920326251:domain/sharedservices/*"
    },
    {
      "Sid": "3",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::389920326251:role/Logstash-SharedServices-APSE2",
          "arn:aws:iam::389920326251:role/Scripts-TicketekProduction-APSE2"
        ]
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:ap-southeast-2:389920326251:domain/sharedservices/*"
    }
  ]
}