Amazon S3 files access policy based on IP Address

Daniel Cukier · Jul 12, 2012 · Viewed 39.6k times

Is there any way to limit the access of a file stored in Amazon S3 based on the client IP address?

I have a file stored there, which should be accessed only by a specific IP address. How do I do this?

Answer

gview · Jul 12, 2012

Yes there is, although I have not used this myself.

S3 supports granular control over buckets and the objects in them using "Access Policy Language". There are specific whitelist and blacklist IP statements available. You will have to write the APL statements and upload them, however.

http://docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage.html

Here are 2 condition section examples:

Whitelist

"Condition" : {
    "IpAddress" : {
        "aws:SourceIp" : ["192.168.176.0/24", "192.168.143.0/24"]
    }
}

Blacklist

"Condition" : {
    "NotIpAddress" : {
        "aws:SourceIp" : ["192.168.176.0/24", "192.168.143.0/24"]
    }
}
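An added example, not part of the original answer: it wraps each of the two condition sections above in a complete bucket policy and checks sample client addresses against them. The bucket name, object key and CIDR ranges are constructed, and `condition_matches` is a local model of the two operators only, not AWS's policy evaluator.

```python
import ipaddress
import json

# Constructed sample values. aws:SourceIp is compared with the address S3
# sees the request come from, so public documentation ranges are used here.
CIDRS = ["203.0.113.0/24", "198.51.100.0/24"]
OBJECT_ARN = "arn:aws:s3:::example-bucket/private/report.pdf"  # hypothetical


def build_policy(operator, cidrs):
    """Return a full bucket policy with one Allow statement gated by IP."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "IpRestrictedRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": OBJECT_ARN,
            "Condition": {operator: {"aws:SourceIp": cidrs}},
        }],
    }


def condition_matches(condition, source_ip):
    """Local model: IpAddress needs a hit in any CIDR, NotIpAddress in none."""
    addr = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"operator not modelled: {operator}")
        cidrs = keys["aws:SourceIp"]
        if isinstance(cidrs, str):  # a single value may be a bare string
            cidrs = [cidrs]
        in_any = any(addr in ipaddress.ip_network(c) for c in cidrs)
        if in_any != (operator == "IpAddress"):
            return False
    return True


def statement_applies(policy, source_ip):
    """True when the policy's single Allow statement covers source_ip."""
    return condition_matches(policy["Statement"][0]["Condition"], source_ip)


whitelist = build_policy("IpAddress", CIDRS)
blacklist = build_policy("NotIpAddress", CIDRS)

if __name__ == "__main__":
    print(json.dumps(whitelist, indent=2))  # document to attach to the bucket
    for ip in ("203.0.113.7", "192.0.2.44"):
        print(ip, statement_applies(whitelist, ip), statement_applies(blacklist, ip))
```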