Posted On: Mar 2, 2021

Amazon Elasticsearch Service now supports tag-based authorization for easy management of access to configuration APIs that are used for operations such as creating, modifying, or updating Amazon Elasticsearch Service domains.

You can create an Identity Policy in AWS Identity and Access Management (IAM) using Resource Tags that allows or denies access to specific configuration APIs for an Amazon Elasticsearch Service domain. You can use Request Tags or Tag Keys to control what tags can be used on a domain or passed in a request. In addition, tagging is now supported on resource creation, which means you can now add a tag when you create an Amazon Elasticsearch Service domain.

Tag-based authorization for configuration APIs is now available in 25 regions globally: US East (N. Virginia, Ohio), US West (Oregon, N. California), AWS GovCloud (US-Gov-East, US-Gov-West), Canada (Central), South America (Sao Paulo), EU (Ireland, London, Frankfurt, Paris, Stockholm, Milan), Asia Pacific (Singapore, Sydney, Tokyo, Seoul, Mumbai, Hong Kong, Osaka), Middle East (Bahrain), China (Beijing – operated by Sinnet, Ningxia – operated by NWCD), and Africa (Cape Town). Please refer to the AWS Region Table for more information about Amazon Elasticsearch Service availability.  

To learn more, please see the documentation.