Amazon S3 files access policy based on IP Address

amazon-web-services security amazon-s3 policy
Daniel Cukier picture Daniel Cukier · Jul 12, 2012 · Viewed 39.6k times · Source

Is there any way to limit the access of a file stored in Amazon S3 based on the client IP address?

I have a file stored there, which should be access only by specific IP address. How to do this?

Answer

gview picture gview · Jul 12, 2012

Yes there is, although I have not used this myself.

S3 supports granular control over buckets and objects in them using "Access Policy Language". There is specific whitelist and blacklist IP statements available. You will have to write the APL statements and upload them, however.

http://docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage.html

Here are 2 condition section examples:

Whitelist

"Condition" :  {
       "IpAddress" : {
          "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"]
      }
}

Blacklist

"Condition" :  {
       "NotIpAddress" : {
          "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"]
      }
}

Related questions

How to close Boto S3 connection?

I'm using Boto to connect to Amazon S3 in my Python program. I'm able to open a connection and upload files to a bucket. I figured I should then close the connection to release resources and, more important, to avoid …

Read More
How do I log in to AWS Console with an IAM user account?

I have created an IAM user account. Now I want to connect with this user to the AWS console. AWS says: For Users who need access to the AWS Management Console, create a password in the Users panel after completing …

Read More
where do I keep my amazon .pem file on a mac

Where should I keep this file for security? At the moment it is on my desktop - should I put it somewhere else?

Read More