Andus

Reputation: 1731

How to download AWS S3 files from the client side without IAM, but with only an IP restriction?

I'm new to S3 and here's what I've got:

I have the URLs of some S3 files in my db and I want to download them in my client app with those URLs (e.g. https://my_s3_bucket_name.s3.amazonaws.com/sample_2-1591371022041.pdf).

I don't want to make them public to everyone, but I don't want to make them available only to my IAM either. Instead, I want to make them public only to my client-side web app URL, i.e. a file should only be downloadable when the URL is called from http://my_client_app.com

I took reference from this and made a public policy for my public IP (and the IP address of where I host http://my_client_app.com), but it doesn't seem to be working: when I open the file URL from my browser I still get 403 Forbidden.

My bucket policy:

{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::my_bucket_name_hellobucket/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "my_public_ip/24",
                        "my_aws_ec2_ip/24"
                    ]
                }
            }
        }
    ]
}

PS1: if I set read access to public, I'm able to download the file with the file URL.

PS2: can anyone tell me what the "Id" means / when it will be used in the bucket policy?

Thanks!

Upvotes: 0

Views: 450

Answers (1)

jellycsc

Reputation: 12259

Based on OP's feedback in the comment, setting "Principal": "*" should allow anonymous access.

Upvotes: 2
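
Added example (not part of the original answer, and not AWS's own policy evaluator): Python that builds the question's policy with "Principal": "*" as the answer suggests, narrows s3:* to s3:GetObject, and models locally which caller addresses satisfy the aws:SourceIp condition. The function names, the bucket name and the documentation-range IP addresses are constructed placeholders.

```python
import ipaddress
import json


def build_ip_restricted_read_policy(bucket, cidrs):
    """Bucket policy allowing anonymous GetObject only from the given CIDRs."""
    # strict=True raises ValueError when host bits are set (e.g. x.x.x.7/24),
    # so the range each entry really covers is always written out explicitly.
    networks = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return {
        "Version": "2012-10-17",
        "Id": "S3PolicyId1",
        "Statement": [{
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": "*",          # anonymous callers, as the answer suggests
            "Action": "s3:GetObject",  # downloads only, instead of s3:*
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {
                "IpAddress": {"aws:SourceIp": [str(n) for n in networks]}
            },
        }],
    }


def source_ip_matches(policy, source_ip):
    """Local model of the IpAddress test (not AWS's policy evaluator)."""
    addr = ipaddress.ip_address(source_ip)
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {}).get("IpAddress", {})
        cidrs = cond.get("aws:SourceIp", [])
        if isinstance(cidrs, str):
            cidrs = [cidrs]
        if stmt["Effect"] == "Allow" and any(
            addr in ipaddress.ip_network(c) for c in cidrs
        ):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values: placeholder bucket, documentation IP ranges.
    policy = build_ip_restricted_read_policy(
        "example-bucket", ["203.0.113.7/32", "198.51.100.0/24"]
    )
    print(json.dumps(policy, indent=4))
    for ip in ("203.0.113.7", "203.0.113.8", "198.51.100.200"):
        print(ip, "allowed" if source_ip_matches(policy, ip) else "not matched")
```

S3 compares aws:SourceIp with the address the request arrives from, so a file URL opened in a visitor's browser is checked against that visitor's address, not the address of the server hosting the web app.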
