How to restrict access to a bucket to specific IP address?

You can restrict access to objects in your bucket to specific IP address by attaching policy which contains allowed IP address range in the "Condition" statement.

Below is a sample example of a policy which restricts access to two IP addresses.

  • 179.22.0.0/16 restricts all IP address within the /16 subnet &
  • 129.34.67.24/32 restricts just that specific IP address
{
  "Id": "Policy1512590315712",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1512590314407",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "*",
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": ["179.22.0.0/16","129.34.67.24/32"]
        }
      }
    }
  ]
}
Have more questions? Submit a request