Amazon Web Services S3 bucket policy help: need to additionally restrict one file to specific IPs
With the bucket policy given below, I have restricted read access to the entire bucket to specific IPs, e.g. 1.1.1.0 & 2.2.2.0.

There is one file inside, s3://MYBUCKET/onefile.txt, to which I want to give read access for a different set of IPs, e.g. 3.3.3.0 and 4.4.4.0. So onefile.txt should now be accessible only from 3.3.3.0 and 4.4.4.0, and not from 1.1.0 and 2.2.2.0 or in any other way.

How can I achieve this?

Current Permissions > Bucket Policy (example)

In addition to the existing statements in the policy, add explicit Deny and Allow statements for the file onefile.txt.

The updated bucket policy looks like this:
{
  "Version": "2012-10-17",
  "Id": "http referer policy",
  "Statement": [
    {
      "Sid": "MY RESTRICTED REQUESTS",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::MYBUCKET/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "1.1.1.0/20",
            "2.2.2.0/22"
          ]
        }
      }
    },
    {
      "Sid": "MY RESTRICTED REQUESTS_1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::MYBUCKET/onefile.txt",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "3.3.3.0/20",
            "4.4.4.0/22"
          ]
        }
      }
    },
    {
      "Sid": "MY RESTRICTED REQUESTS_2",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::MYBUCKET/onefile.txt",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "1.1.1.0/20",
            "2.2.2.0/22"
          ]
        }
      }
    }
  ]
}
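As an added example (not part of the original answer), this Python sketch models how the three statements above combine for an anonymous s3:GetObject request: an explicit Deny beats any Allow, and a request that matches no statement is denied implicitly. It is a simplified model that assumes no other policies apply and handles only the `*` wildcard; `evaluate` and `ip_matches` are names invented for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# The three statements from the updated policy, reduced to the fields this
# simplified model inspects (Principal "*" and s3:GetObject in every one).
STATEMENTS = [
    ("Allow", "arn:aws:s3:::MYBUCKET/*", ["1.1.1.0/20", "2.2.2.0/22"]),
    ("Allow", "arn:aws:s3:::MYBUCKET/onefile.txt", ["3.3.3.0/20", "4.4.4.0/22"]),
    ("Deny", "arn:aws:s3:::MYBUCKET/onefile.txt", ["1.1.1.0/20", "2.2.2.0/22"]),
]

def ip_matches(source_ip, cidrs):
    """IpAddress condition: true if source_ip falls inside any listed CIDR."""
    addr = ipaddress.ip_address(source_ip)
    # strict=False because 1.1.1.0/20 has host bits set; as CIDR arithmetic
    # the masked range is 1.1.0.0 - 1.1.15.255, wider than "1.1.1.x".
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def evaluate(source_ip, key, bucket="MYBUCKET"):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for an anonymous GetObject."""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    matched = {
        effect
        for effect, resource, cidrs in STATEMENTS
        if fnmatchcase(arn, resource) and ip_matches(source_ip, cidrs)
    }
    if "Deny" in matched:      # an explicit Deny always overrides an Allow
        return "ExplicitDeny"
    if "Allow" in matched:
        return "Allow"
    return "ImplicitDeny"      # nothing matched: denied by default

if __name__ == "__main__":
    # Constructed sample requests (source IP, object key)
    for ip, key in [("1.1.1.5", "other.txt"), ("1.1.1.5", "onefile.txt"),
                    ("3.3.3.7", "onefile.txt"), ("3.3.3.7", "other.txt"),
                    ("9.9.9.9", "onefile.txt")]:
        print(f"{ip:>10}  {key:<12} -> {evaluate(ip, key)}")
```

The Deny statement only names the first pair of ranges; every other address is kept out of onefile.txt by the implicit deny alone, which holds in this model because nothing else grants access.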