How create a AWS S3 bucket policy to grant access to specific IPs?

How create a AWS S3 bucket policy to grant access to specific IPs?

June 6, 2020 / Nirav Shah

Introduction

  • In this, we are going to learn about how to grant access to the bucket to specific tips to secure our bucket
  • So if the bucket is public no one can access the bucket if they are out of the allowed IP range
  • Eg: if there are multiple projects in a single account and are storing their static data in individual buckets so it is not a good practice that the server can access all the S3 buckets. If for any reason the server gets compromised the person/hacker will get the access of all the bucket so to stop this we can implement a bucket policy by which the specific Public IP or the Private IP only can access the data of the bucket programmatically.

Pre-requirements

  • Server public IP
  • Server private IP
  • Amazon S3 bucket

To create the policy and attach it to the bucket steps are as follow

    • Step 1: Select the bucket in which you want to apply the policy .
    • Step 2:In our case, we have created a new bucket name bucket-policy-access.
    • Step 3:Select permission on the top menu.
    • Step 4:Select Block Public Access and check that Block all public access is turned on.
    • Step :Now click on bucket policy.
    • Step 6:Add the following policy to the editor
      Please replace the bucket-name and bucket-name & private-ip-oftheserver/32 as shown in the image below
    • 	{
      	  "Version": "2012-10-17",
      	  "Id": "S3PolicyId1",
      	  "Statement": [
      	    {
      	      "Sid": "IPAllow",
      	      "Effect": "Allow",
      	      "Principal": "*",
      	      "Action": "s3:*",
      	      "Resource": "arn:aws:s3:::bucket-name/*",
      	      "Condition": {
      	        "IpAddress": {
      	          "aws:SourceIp": [
      	            "public-ip-oftheserver/32",
      	            "private-ip-oftheserver/32"
      	          ]
      	        }
      	      }
      	    }
      	  ]
      	}
      

    • Step 7:If it shows the “The block public access settings turned on for this bucket prevent granting public access.” then your policy is applied correctly.
    • Step 8:Now to verify the upload an object and try to access it via browser if it shows the below output policy is working.

Also Read: Backup WordPress site to AWS S3 bucket

FAQs:

  1. What is the size limit of S3 bucket policies?
  2. Can an S3 bucket have multiple policies?
  3. What does this S3 bucket policy do?

Talk to AWS Certified Consultant

    Spread Love By Sharing:

    Let’s Talk About Your Needed AWS Infrastructure Management Services

    Have queries about your project idea or concept? Please drop in your project details to discuss with our AWS Global Cloud Infrastructure service specialists and consultants.

    • Swift Hiring and Onboarding
    • Experienced and Trained AWS Team
    • Quality Consulting and Programming
    Let’s Connect and Discuss Your Project