How To Enable S3 Bucket Access With IP Address

2021/2/23

S3 (Amazon Simple Storage Service) is a cloud object storage service designed for 99.999999999% (11 9's) of durability. For example, if you host image files, you can either make the S3 bucket public so the images are publicly available, or keep the bucket private and use CloudFront to access the files. This blog shows how to make the bucket accessible only from specific IP addresses.

Modify the S3 bucket policy

If you have an S3 bucket and want it to be accessible from a specific IP address, you can modify the bucket policy as follows, replacing the bucket name and IP address.

For Single IP Address

{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::{Your-S3-Bucket-Name}/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "{Your-IP-Address}/32"
                }
            }
        }
    ]
}

S3 Bucket with Multiple IP Addresses

If you want to provide access to multiple IP addresses, you can list them as follows.

{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::{Your-Bucket-Name}/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "{Your-IP-Address-1}",
                        "{Your-IP-Address-2}"
                    ]
                }
            }
        }
    ]
}

Conclusion

It is very easy to use the aws:SourceIp condition to limit access to an S3 bucket to specific IP addresses. If you just want to test an S3 bucket out but don't want to make it public so that everyone can access it, you can simply add the IP address in the S3 policy editor.
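
Before saving a policy of this shape, it helps to check how much it really opens up. The following is an added example, not part of the original post: a small Python check that reports how many addresses each aws:SourceIp entry matches and whether an anonymous principal is granted every S3 action. The function names, the bucket name and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import json

def audit_ip_policy(policy_json):
    """Return findings for the Allow statements of an S3 bucket policy."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        anonymous = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        # Assumes the key casing used on this page ("IpAddress", "aws:SourceIp").
        cidrs = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        cidrs = [cidrs] if isinstance(cidrs, str) else cidrs
        if anonymous and not cidrs:
            findings.append(f"{sid}: anonymous Allow without an aws:SourceIp condition")
        if anonymous and any(a in ("*", "s3:*") for a in actions):
            findings.append(f"{sid}: anonymous principal is granted all S3 actions "
                            "on the resource (write and delete included)")
        for cidr in cidrs:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(f"{sid}: {cidr!r} is not an IP address or CIDR block")
                continue
            if net.num_addresses > 1:
                findings.append(f"{sid}: {cidr} matches {net.num_addresses} addresses")
    return findings

# Constructed sample policies (documentation address ranges, hypothetical bucket).
def make_policy(action, source_ips):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": action,
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"IpAddress": {"aws:SourceIp": source_ips}}}]})

BROAD = make_policy("s3:*", ["203.0.113.10/24", "198.51.100.7"])
TIGHT = make_policy("s3:GetObject", ["203.0.113.10/32", "198.51.100.7"])

if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("TIGHT", TIGHT)):
        print(name, audit_ip_policy(policy) or "no findings")
```

An address written without a prefix length is treated as a single address, so only entries with a prefix shorter than /32 are reported as ranges.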