ScottPhillips/2772811
Created May 23, 2012 01:54
Amazon S3 Bucket Policy: Restrict Access to 1 IP Address
This statement grants permissions to any user to perform any S3 action on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition. The condition in this statement identifies the 192.168.143.* range of allowed IP addresses, with one exception: 192.168.143.188.
Note that the IpAddress and NotIpAddress values specified in the condition use CIDR notation, described in RFC 4632. For more information, go to http://www.rfc-editor.org/rfc/rfc4632.txt.
{
  "Version": "2008-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::YOUR_S3_BUCKET_NAME/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.168.143.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "192.168.143.188/32"
        }
      }
    }
  ]
}
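To check which source addresses the IPAllow statement actually covers, the following added example (not part of the original gist) evaluates the condition block offline with Python's `ipaddress` module. It is a simplified model of the two operators only; the helper names and sample addresses are constructed for illustration.

```python
import ipaddress

# Condition block copied from the bucket policy above.
CONDITION = {
    "IpAddress": {"aws:SourceIp": "192.168.143.0/24"},
    "NotIpAddress": {"aws:SourceIp": "192.168.143.188/32"},
}


def _in_any(source_ip, cidrs):
    """True if source_ip falls inside at least one CIDR block."""
    if isinstance(cidrs, str):  # a condition value may be a string or a list
        cidrs = [cidrs]
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def condition_matches(condition, source_ip):
    """Evaluate the IpAddress / NotIpAddress operators on aws:SourceIp.

    Simplified model (hypothetical helper): operators are ANDed together,
    multiple values under IpAddress are ORed, and NotIpAddress matches only
    when the address is in none of its listed blocks.
    """
    for operator, keys in condition.items():
        cidrs = keys["aws:SourceIp"]
        if operator == "IpAddress":
            ok = _in_any(source_ip, cidrs)
        elif operator == "NotIpAddress":
            ok = not _in_any(source_ip, cidrs)
        else:
            raise ValueError(f"operator not modelled: {operator}")
        if not ok:
            return False
    return True


def statement_applies(source_ip):
    """Does the IPAllow statement grant access for this source address?"""
    return condition_matches(CONDITION, source_ip)


if __name__ == "__main__":
    # Constructed sample addresses.
    for ip in ("192.168.143.10", "192.168.143.188", "192.168.144.1", "203.0.113.7"):
        print(ip, "Allow applies" if statement_applies(ip) else "no match")
```

A "no match" result means this Allow statement grants nothing for that address; it is not an explicit Deny, so another policy statement or an IAM policy can still permit the request.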