user1130176
Reputation: 1878
S3 access policy to allow download to a specific IP address
I'm trying to implement a batch virus scanner. I have a cron job set up to periodically scan unscanned files stored on S3. Whenever I try to wget the file, I get a 403.
I've set up this policy:
{
"Version": "2012-10-17",
"Id": "S3PolicyIPRestrict",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "ip of my address/32"
}
}
}
]
}
Any idea what I'm doing wrong?
Upvotes: 0
Views: 1357
Answers (1)
uday reddy
Reputation: 494
Use the below bucket policy if you want to allow specfic ip address to access the files on s3 bucket.
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::<bucket>",
"arn:aws:s3:::<bucket>/*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": "<IP>/32"
}
}
}
]
}Upvotes: 1
Related Questions
- AWS S3 bucket - Allow download files to every IAM and Users from specific AWS Account
- AWS S3 | Allow grantee to ONLY download objects from the bucket
- How to download aws s3 files from client side without IAM, but only IP restriction?
- How do I restrict access of my S3 web site to specific domains or IP addresses?
- S3 Bucket Policy help needed to additionally restrict one file to specific IPs
- Deny access to AWS S3 to all IPs except specific ranges
- Restricting Access to S3 to a Specific IP Address
- Amazon S3 files access policy based on IP Address
- S3 bucket policy restricting to IP CIDR range
- Restrict access to S3 hosted website without whitelisting ips