Create an S3 bucket policy that allows access only from a single IP address
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::${bucket_name}/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "${source_ip}"
        }
      }
    }
  ]
}
```

This grants the same access as a normal GetObject policy, except that objects in the bucket are only reachable from the specified IP address. Ideal for staging scenarios.

Example (203.0.113.24 is a placeholder from a documentation address range):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::somebucketname/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.24/32"
        }
      }
    }
  ]
}
```
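
Because the statement uses "Principal": "*", the value substituted for ${source_ip} is the only thing keeping the objects from being publicly readable. The following is an added example, not part of the original snippet: a small renderer that fills in ${bucket_name} and ${source_ip} and refuses malformed, over-broad or private values. The function name, the min_prefix parameter and the sample values are assumptions made for illustration, and it handles IPv4 only.

```python
import ipaddress
import json
import re

# S3 general-purpose bucket names: 3-63 chars of a-z, 0-9, '.', '-',
# beginning and ending with a letter or digit.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")

# aws:SourceIp is compared with the requester's public IP address, so
# private, loopback and link-local ranges are not usable with this key.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def render_ip_allow_policy(bucket_name, source_ip, min_prefix=32):
    """Fill the template; raise ValueError for values that break or widen it."""
    if not BUCKET_RE.fullmatch(bucket_name):
        raise ValueError(f"invalid bucket name: {bucket_name!r}")
    # strict=True rejects host bits set under the mask (e.g. 203.0.113.7/24);
    # out-of-range octets such as 2342.x.x.x raise ValueError here as well.
    net = ipaddress.IPv4Network(source_ip, strict=True)
    if net.prefixlen < min_prefix:
        raise ValueError(f"{net} is wider than /{min_prefix}")
    if any(net.subnet_of(r) for r in NON_ROUTABLE):
        raise ValueError(f"{net} is not a public address")
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket_name}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": str(net)}},
        }],
    }
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    # Constructed sample values (documentation address range).
    print(render_ip_allow_policy("somebucketname", "203.0.113.24"))
```

Pass a smaller min_prefix (for example 24) only when a whole office range is meant to have read access.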