How to Setup AWS S3 Access From Specific IPs

By default, accounts cannot access S3 unless a policy grants them access. However, S3 by default places no restriction on the source IP address of a request. So to block IPs you have to specify explicit denies in the policy instead of allows.

Allow Access to Specific IP Addresses
 

 {
   "Version": "2012-10-17",
   "Id": "S3PolicyId1",
   "Statement": [
     {
       "Sid": "IPDeny",
       "Effect": "Deny",
       "Principal": {
         "AWS": "*"
       },
       "Action": "s3:*",
       "Resource": "arn:aws:s3:::bucket/*",
       "Condition": {
         "NotIpAddress": {
           "aws:SourceIp": "54.240.143.188/32"
         }
       }
     }
   ]
 }


Restrict Access to Specific IP Addresses
 

 {
   "Version": "2012-10-17",
   "Id": "S3PolicyId1",
   "Statement": [
     {
       "Sid": "IPAllow",
       "Effect": "Allow",
       "Principal": "*",
       "Action": "s3:*",
       "Resource": "arn:aws:s3:::bucket/*",
       "Condition": {
         "IpAddress": {"aws:SourceIp": "54.240.143.188/32"}
       }
     }
   ]
 }

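
How the Effect and the IpAddress / NotIpAddress operator combine is easy to get backwards, so here is a small offline evaluator (an added example, not code from the original post or from AWS). It models only the Effect and the aws:SourceIp condition of a bucket policy and ignores Principal, Action and Resource; the function names and the test address 203.0.113.7 are assumptions made for illustration.

```python
import ipaddress

def _ip_matches(source_ip, cidrs):
    """True if source_ip falls inside any CIDR (string or list of strings)."""
    if isinstance(cidrs, str):
        cidrs = [cidrs]
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def _condition_holds(condition, source_ip):
    """Evaluate only IpAddress / NotIpAddress on aws:SourceIp; blocks are ANDed."""
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress") or set(keys) != {"aws:SourceIp"}:
            raise ValueError(f"unsupported condition: {operator} {list(keys)}")
        hit = _ip_matches(source_ip, keys["aws:SourceIp"])
        if hit != (operator == "IpAddress"):
            return False
    return True

def bucket_policy_decision(policy, source_ip):
    """Return 'Deny', 'Allow' or 'NoMatch' for this bucket policy alone.

    An explicit Deny always wins. 'NoMatch' means the policy is silent, so the
    request succeeds only if another policy (e.g. an IAM policy) allows it.
    """
    effects = {s["Effect"] for s in policy["Statement"]
               if _condition_holds(s.get("Condition", {}), source_ip)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "NoMatch"

def _stmt(effect, operator, cidr="54.240.143.188/32"):
    # Constructed policies in the same shape as the ones on this page.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": "s3:*",
        "Resource": "arn:aws:s3:::bucket/*",
        "Condition": {operator: {"aws:SourceIp": cidr}}}]}

DENY_UNLESS_IP = _stmt("Deny", "NotIpAddress")    # only the listed IP gets through
ALLOW_FROM_IP = _stmt("Allow", "IpAddress")       # grants access from the listed IP
ALLOW_EXCEPT_IP = _stmt("Allow", "NotIpAddress")  # mistake: open to everyone else

if __name__ == "__main__":
    for name in ("DENY_UNLESS_IP", "ALLOW_FROM_IP", "ALLOW_EXCEPT_IP"):
        for ip in ("54.240.143.188", "203.0.113.7"):
            print(name, ip, bucket_policy_decision(globals()[name], ip))
```

A 'NoMatch' result for the Deny-based policy shows that it only filters requests: a caller from the listed IP still needs an Allow from some other policy before S3 serves the request.
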
This can also be used as an added layer of security for your existing applications that use or access S3, not just nodes within a VPC. I hope this saves someone out there from undue stress when trying to secure S3 access.
Sushan Shrestha
