S3Express: Amazon S3 Command Line Utility

Amazon S3 command line utility for Windows. Copy, query, backup multiple files to S3 using the Windows command line.

S3Express FAQ and Knowledge Base

Main Page > Browse Categories > Security Considerations > Restricting access to a S3 bucket to specific IP addresses

Restricting access to a S3 bucket to specific IP addresses

To make our uploads or backup on Amazon S3 even more secure, we can restrict access to a S3 bucket to specific IP addresses. 

The following bucket policy grants permissions to any user to perform any S3 action on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition. The condition in this statement identifies 192.168.143.* range of allowed IP addresses with one exception, 192.168.143.188.

{
    "Version": "2012-10-17",
    "Id": "S3PolicyIPRestrict",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*",
            "Condition" : {
                "IpAddress" : {
                    "aws:SourceIp": "192.168.143.0/24"
                },
                "NotIpAddress" : {
                    "aws:SourceIp": "192.168.143.188/32"
                }
            }
        }
    ]
}

The IPAddress and NotIpAddress values specified in the condition uses CIDR notation described in RFC 2632. For more information, go to www.rfc-editor.org/rfc/rfc4632.txt



User Comments
Add Comment
There are no user comments for this topic.
Add Comment
Attachments
No attachments

Did this help you?
Yes No

Statistics
54% found this information useful

Other Options
Printable Version

Download
Download S3Express

S3Express Manual
 HTML   PDF

 A printable version of the entire FAQ and Knowledge Base is also available.
 For further queries, please contact us by e-mail at support@s3express.com