Restricting Access to S3 to a Specific IP Address

The Amazon docs section on Restricting Access to Specific IP Addresses shows how a bucket policy can be used to restrict access to a range of IP addresses. I modified it to restrict access to one specific IP.

{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::www.joaquinamenabar.com/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "66.175.217.48"}
      }
    }
  ]
}

The bucket name is www.joaquinamenabar.com and the IP address is 66.175.217.48. This IP address points to the site letsdance.joaquinamenabar.com. Note that the bucket name is different from the actual site that will access the S3 content.
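How a Condition block like this one is evaluated, as an added example that is not from the original post or from AWS: a simplified Python model of the IpAddress and NotIpAddress operators on aws:SourceIp. The 203.0.113.0/24 range and the names used here are constructed for illustration; because separate operators in one Condition block are ANDed, NotIpAddress is only useful for carving an exception out of a wider range, and listing the same address under both operators matches nothing.

```python
import ipaddress

def in_any(source_ip, cidrs):
    """True if source_ip is inside any listed address or CIDR block."""
    if isinstance(cidrs, str):
        cidrs = [cidrs]
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

# Operators modelled here (a simplified model, not AWS code).
OPERATORS = {
    "IpAddress": in_any,
    "NotIpAddress": lambda ip, cidrs: not in_any(ip, cidrs),
}

def condition_matches(condition, source_ip):
    """Evaluate a Condition block keyed on aws:SourceIp: values under one
    key are ORed, separate operators are ANDed (all must hold)."""
    for operator, keys in condition.items():
        check = OPERATORS[operator]  # KeyError: operator not modelled
        for key, values in keys.items():
            if key != "aws:SourceIp":
                raise ValueError(f"condition key not modelled: {key}")
            if not check(source_ip, values):
                return False
    return True

# One address only: the restriction this post is after.
SINGLE_IP = {"IpAddress": {"aws:SourceIp": "66.175.217.48"}}
# A range minus one host (constructed documentation addresses).
RANGE_MINUS_HOST = {
    "IpAddress": {"aws:SourceIp": "203.0.113.0/24"},
    "NotIpAddress": {"aws:SourceIp": "203.0.113.188/32"},
}
# Same address under both operators: the two tests contradict each other.
SAME_IP_BOTH = {
    "IpAddress": {"aws:SourceIp": "66.175.217.48"},
    "NotIpAddress": {"aws:SourceIp": "66.175.217.48"},
}

def matching(condition, candidates):
    """Return the candidate source addresses the condition lets through."""
    return [ip for ip in candidates if condition_matches(condition, ip)]

if __name__ == "__main__":
    probes = ["66.175.217.48", "66.175.217.49", "203.0.113.7", "203.0.113.188"]
    for name in ("SINGLE_IP", "RANGE_MINUS_HOST", "SAME_IP_BOTH"):
        print(name, matching(globals()[name], probes))
```
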

Select the bucket and go to the Permissions tab >> Bucket Policy


Enter the bucket policy JSON in the text area:


You can now save the bucket policy.


Restricting Access to a Specific HTTP Referrer

Why not restrict access to a specific HTTP referrer? Something like this:

{
  "Version":"2012-10-17",
  "Id":"http referer policy example",
  "Statement":[
    {
      "Sid":"Allow get requests originating from www.example.com and example.com.",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::examplebucket/*",
      "Condition":{
        "StringLike":{"aws:Referer":["http://www.example.com/*","http://example.com/*"]}
      }
    }
  ]
}

This will not work as an access restriction, because it can be circumvented with the cURL command: the Referer header is supplied by the client, and cURL lets you send anything as the referrer.

Testing your bucket policy changes immediately will not work either. Changes to the bucket policy take some time to take effect. Relax, play with your dogs and test it later.

Reference

Bucket Policy Examples

