
I have a bucket with a public read policy. Now I want to restrict access to some of the objects so that they are accessible only from some IP addresses. Is this possible?

I also plan to add CloudFront. What should I do to keep the same settings on each object?

Thanks!

1 Answer

5

You can use an S3 bucket policy. But instead of individual files it will be applied to individual folders in the bucket. You can use a policy like the following:

    {
        "Version": "2008-10-17",
        "Id": "testPolicy",
        "Statement": [
            {
                "Sid": "1",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::bucketname/subfolder/subfolder2/*",
                "Condition": {
                    "IpAddress": {
                        "aws:SourceIp": [
                            "xxx.xxx.xxx.xxx/xx",
                            "xxx.xxx.xxx.xxx/xx"
                        ]
                    }
                }
            }
        ]
    }

Use your bucket name, folder names, and IPs.

Note: Please try it first on a non production bucket.


3 Comments

Ok, thanks for the response. However, I really need to work on each file and not on folders. Is there any way to update the ACL of the object directly in order to restrict access to some IP addresses?
@Dorian It is basically the same thing, but rather than having a statement with a wildcard value in the Resource definition, you would have multiple statements, each specifically referring to the exact resource you want the policy to apply to.
@Dorian As Mike has pointed out you can define it for individual objects also. My mistake in not stating that.
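The per-object variant that the comments describe, written out as an added example (this is not code from the answer or from AWS; the bucket name, object keys and CIDR ranges are constructed placeholders). It generates one `Allow` statement per object with an exact `Resource` ARN and an `aws:SourceIp` condition, validates the CIDRs before they go anywhere near a real bucket, and includes a small local evaluator of the IP-condition logic (only `s3:GetObject` and `aws:SourceIp`, nothing else of IAM) so the policy can be sanity-checked on a non-production bucket before it is applied. It also shows the one thing the answer's policy alone does not cover: if the bucket keeps its bucket-wide public-read statement, that statement still grants access to the restricted objects from any address, because any matching `Allow` grants unless an explicit `Deny` matches. The example therefore also emits a `Deny` with `NotIpAddress` for the same keys.

```python
import ipaddress
import json

# Constructed sample values (hypothetical bucket, keys and CIDRs; not from the page).
BUCKET = "example-bucket"
RESTRICTED_KEYS = ["reports/q1.pdf", "reports/q2.pdf"]
ALLOWED_CIDRS = ["203.0.113.0/24", "198.51.100.7/32"]


def validate_cidrs(cidrs):
    """Normalise CIDRs and reject malformed ones (e.g. host bits set) before they
    reach a bucket policy, where a typo would allow or block the wrong range."""
    return [str(ipaddress.ip_network(c, strict=True)) for c in cidrs]


def cidrs_are_valid(cidrs):
    """Boolean wrapper around validate_cidrs for pre-flight checks."""
    try:
        validate_cidrs(cidrs)
        return True
    except ValueError:
        return False


def build_policy(bucket, restricted_keys, cidrs, public_read=True, explicit_deny=True):
    """Assemble a bucket policy: one Allow per restricted object (exact Resource ARN,
    no wildcard, as the comments describe), optionally an explicit Deny for the same
    objects from outside the CIDRs, and optionally the bucket-wide public read the
    question starts from."""
    nets = validate_cidrs(cidrs)
    statements = []
    if public_read:
        statements.append({
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        })
    for i, key in enumerate(restricted_keys):
        statements.append({
            "Sid": f"AllowRestrictedFromOffice{i}",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/{key}",
            "Condition": {"IpAddress": {"aws:SourceIp": nets}},
        })
    if explicit_deny:
        # Without this, a PublicRead Allow above still grants the restricted keys.
        statements.append({
            "Sid": "DenyRestrictedFromElsewhere",
            "Effect": "Deny",
            "Principal": {"AWS": "*"},
            "Action": "s3:GetObject",
            "Resource": [f"arn:aws:s3:::{bucket}/{k}" for k in restricted_keys],
            "Condition": {"NotIpAddress": {"aws:SourceIp": nets}},
        })
    return {"Version": "2012-10-17", "Id": "restrictedObjects", "Statement": statements}


def _resource_matches(resource, arn):
    # Only the trailing-wildcard form used in S3 policies is modelled here.
    if resource.endswith("*"):
        return arn.startswith(resource[:-1])
    return resource == arn


def _condition_matches(condition, source_ip):
    addr = ipaddress.ip_address(source_ip)
    for operator, values in condition.items():
        nets = [ipaddress.ip_network(n) for n in values["aws:SourceIp"]]
        inside = any(addr in n for n in nets)
        if operator == "IpAddress" and not inside:
            return False
        if operator == "NotIpAddress" and inside:
            return False
    return True


def is_allowed(policy, bucket, key, source_ip):
    """Simplified evaluation of s3:GetObject for one object and caller IP:
    an explicit Deny that matches wins, otherwise any matching Allow grants."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    allowed = False
    for st in policy["Statement"]:
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if not any(_resource_matches(r, arn) for r in resources):
            continue
        if not _condition_matches(st.get("Condition", {}), source_ip):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    policy = build_policy(BUCKET, RESTRICTED_KEYS, ALLOWED_CIDRS)
    print(json.dumps(policy, indent=2))
    print(is_allowed(policy, BUCKET, "reports/q1.pdf", "203.0.113.5"))   # True
    print(is_allowed(policy, BUCKET, "reports/q1.pdf", "192.0.2.9"))     # False
```

Two practical notes on top of the comments. First, object ACLs cannot express an IP condition at all; conditions such as `aws:SourceIp` exist only in bucket (and IAM) policies, so the per-object statements above are the way to do what the comment asks. Second, for the CloudFront part of the question: once requests reach S3 through CloudFront, `aws:SourceIp` sees CloudFront's edge addresses rather than the viewer's, so an IP restriction has to be enforced at the CloudFront layer instead of in the bucket policy.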
