I have an ES cluster set up within our VPC and attached to one of our private subnets. It's also attached to a security group allowing access from particular instances. I have the following policy attached:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "our::arn:*"
    }
  ]
}
My question is, from what I can tell, this should mean that publicly, this cluster should not be accessible, right? I've done some testing and that seems correct, but I just want to make sure I am not missing anything.
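
The following is an added example, not part of the original post: a Python check that looks at the two settings described above (the resource policy and the VPC attachment) in the DomainStatus structure that the Elasticsearch Service describe-domain call returns. The function names, the vpc-EXAMPLE and sg-EXAMPLE IDs and the sample dictionaries are constructed for illustration; it only classifies configuration and does not test network reachability.

```python
import json

def wildcard_allows(policy):
    """Allow statements granted to any AWS principal with no Condition block."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    hits = []
    for s in stmts:
        if s.get("Effect") != "Allow" or s.get("Condition"):
            continue
        principal = s.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in (aws if isinstance(aws, list) else [aws]):
            hits.append(s)
    return hits

def assess(domain_status):
    """Classify a domain from its access policy and VPC attachment only."""
    policy = json.loads(domain_status.get("AccessPolicies") or "{}")
    open_policy = bool(wildcard_allows(policy))
    in_vpc = bool((domain_status.get("VPCOptions") or {}).get("VPCId"))
    if open_policy and in_vpc:
        # No principal restriction: security groups and routing are the only gate.
        return "vpc-endpoint/open-policy"
    if open_policy:
        # No network gate and no principal restriction.
        return "public-endpoint/open-policy"
    return "restricted-policy"

# Constructed sample input mirroring the policy in the post.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": "es:*", "Resource": "our::arn:*"}],
})
VPC_DOMAIN = {
    "AccessPolicies": OPEN_POLICY,
    "VPCOptions": {"VPCId": "vpc-EXAMPLE", "SecurityGroupIds": ["sg-EXAMPLE"]},
}
PUBLIC_DOMAIN = {"AccessPolicies": OPEN_POLICY}  # same policy, no VPC attachment

if __name__ == "__main__":
    for name, status in (("vpc", VPC_DOMAIN), ("public", PUBLIC_DOMAIN)):
        print(name, "->", assess(status))
```
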