lnxph-devops-sareno/README.md

Created April 2, 2025 04:54

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/lnxph-devops-sareno/9ac172d5b8b6c9a988cb4409fa1fbc54.js"></script>
Save lnxph-devops-sareno/9ac172d5b8b6c9a988cb4409fa1fbc54 to your computer and use it in GitHub Desktop.

Download ZIP

AWS S3 IP whitelisting using Bucket Policy

Raw

README.md

Bucket Policy

There are cases where we need to restrict IPs from accessing S3 bucket. But we also know that it's not possible to use Security Groups in S3 buckets. Luckily, there's a Bucket Policy where we can add IP restrictions that will act as a Firewall.

Example

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::my-bucket/*",
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": [
                        "57.7.22.46/32",
                        "10.128.44.64/27"
                    ]
                }
            }
        }
    ]
}

Reference: https://repost.aws/knowledge-center/block-s3-traffic-vpc-ip