Is there any way to limit the access of a file stored in Amazon S3 based on the client IP address?
I have a file stored there, which should be access only by specific IP address. How to do this?
To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must explicitly allow the user-level permissions. You can explicitly allow user-level permissions on either an AWS Identity and Access Management (IAM) policy or another statement in the bucket policy.
You can restrict access to objects in your bucket to specific IP address by attaching policy which contains allowed IP address range in the "Condition" statement.
S3 IP addresses are consumed from a AWS-owned network range that differs based on the geographical location. Your our subnet IP's won't be affected by your S3 endpoints.
Yes there is, although I have not used this myself.
S3 supports granular control over buckets and objects in them using "Access Policy Language". There is specific whitelist and blacklist IP statements available. You will have to write the APL statements and upload them, however.
http://docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage.html
Here are 2 condition section examples:
Whitelist
"Condition" : { "IpAddress" : { "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"] } }
Blacklist
"Condition" : { "NotIpAddress" : { "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"] } }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With