Reputation: 443
Restricting Access to S3 to a Specific IP Address
I have a bucket policy that I customized from the AWS S3 docs, instead of range of IP addresses, I changed it for just one IP. The bucket name is : www.joaquinamenabar.com. The IP address 66.175.217.48 corresponds to the sub-domain: https://letsdance.joaquinamenabar.com/
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::www.joaquinamenabar.com/*",
"Condition": {
"IpAddress": {"aws:SourceIp": "66.175.217.48"},
"NotIpAddress": {"aws:SourceIp": "66.175.217.48"}
}
}
]
}
The files are not available for public. I generate links using aws-sdk that expires after some time. The problem is the link is accessible from any IP. It has been more than a week since I changed the configuration. The changes should have propagated by this time. Any ideas what is wrong with this configuration?
Upvotes: 0
Views: 820
Answers (1)
Reputation: 1103
It looks like the effect of this policy is to allow access from all IP's (66.175.217.48 and not 66.175.217.48). Remove the NotIpAddress specifier. I think you may need to specify the allowed Ip address in CIDR format too:
"IpAddress": {"aws:SourceIp": "66.175.217.48/32"}
Upvotes: 2
Related Questions
- S3 access policy to allow download to a specific IP address
- Restrict access to website hosted on S3
- How to make S3 objects readable only from certain IP addresses?
- How do I restrict access of my S3 web site to specific domains or IP addresses?
- S3 Bucket Policy help needed to additionally restrict one file to specific IPs
- Deny access to AWS S3 to all IPs except specific ranges
- Amazon S3 files access policy based on IP Address
- Accessing Amazon S3 resources using IP address
- Restrict access to S3 hosted website without whitelisting ips
- Restrict access to S3 bucket by IP without affecting IAM credentials