100 Days of DevOps — Day 11: Restricting S3 Bucket Access to Specific IP Addresses
Check the updated 101 Days of DevOps Course
Course Registration link: https://www.101daysofdevops.com/register/
Course Link: https://www.101daysofdevops.com/courses/101-days-of-devops/
YouTube link: https://www.youtube.com/user/laprashant/videos
Welcome to Day 11 of 100 Days of DevOps. Let's continue our journey with IAM and discuss a common requirement I often encounter in daily work: restricting access to an S3 bucket to specific IP addresses.
Problem: Restrict S3 bucket access (Get/Put operations) to specific IP addresses.
Solution: This can be done with an S3 bucket policy.
S3 bucket policies are resource-based policies: they are attached to the bucket itself and control who has access to that specific resource.
Step 1:
Go to the S3 console https://s3.console.aws.amazon.com/s3/home?region=us-west-2 → select the bucket → Permissions → Bucket Policy → Policy
Step 2: Fill in all the details
* Effect: Allow
* Principal: *
* AWS Service: Amazon S3
* Action: Select GetObject and PutObject
* Amazon Resource Name (ARN): <arn of your S3 bucket>/* (don't forget the trailing /*: it makes the statement apply to the objects in the bucket)
Add conditions
* Condition: IpAddress
* Key: aws:SourceIp
* Value: 192.168.0.2/24 (specify your own IP address or CIDR range)
The final policy will look like this:
Step 3: Copy and paste this policy into the Bucket Policy editor and save it
Step 4: Test it
AWS CLI
* Create a JSON file bucketpolicy.json containing the policy above
* Apply it to the bucket: aws s3api put-bucket-policy --bucket my-test-bucket --policy file://bucketpolicy.json
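As an added example (not code from the post or its GitHub repository), the script below builds the policy document described in Step 2 as a Python dictionary, serializes it to the bucketpolicy.json that the CLI command above consumes, and runs sample requests through a small evaluator for the aws:SourceIp condition so you can see which requests the policy matches before uploading it. The bucket name my-test-bucket, the 203.0.113.0/24 range and the request samples are constructed values. It also goes one step beyond the post: a single Allow statement grants access from the range but does not remove access that IAM identity policies already grant to users and roles, so the script pairs it with an explicit Deny using NotIpAddress, which is what actually restricts the bucket to that range.

```python
"""Build and sanity-check an S3 bucket policy that scopes access to a CIDR range.

Added example for this post (not AWS code or the author's repository). Constructed
values: the bucket ARN, the 203.0.113.0/24 documentation range, and the sample requests.
"""
import fnmatch
import ipaddress
import json

BUCKET_ARN = "arn:aws:s3:::my-test-bucket"  # constructed; use your own bucket ARN
ALLOWED_CIDR = "203.0.113.0/24"             # constructed; your office/VPN egress range


def allow_from_ip_statement(bucket_arn, cidr):
    """The Allow statement the post builds in Step 2."""
    return {
        "Sid": "AllowGetPutFromTrustedIp",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"{bucket_arn}/*",  # trailing /* targets the objects, not the bucket itself
        "Condition": {"IpAddress": {"aws:SourceIp": cidr}},
    }


def deny_outside_ip_statement(bucket_arn, cidr):
    """Explicit Deny for every other source. An Allow alone does not remove access that
    IAM identity policies already grant; an explicit Deny overrides those grants."""
    return {
        "Sid": "DenyAllOutsideTrustedIp",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [bucket_arn, f"{bucket_arn}/*"],
        "Condition": {"NotIpAddress": {"aws:SourceIp": cidr}},
    }


def restrict_to_ip_policy(bucket_arn=BUCKET_ARN, cidr=ALLOWED_CIDR):
    """Full document: allow Get/Put from the range, deny everything from anywhere else."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            allow_from_ip_statement(bucket_arn, cidr),
            deny_outside_ip_statement(bucket_arn, cidr),
        ],
    }


def policy_json(policy):
    """Serialize for: aws s3api put-bucket-policy --policy file://bucketpolicy.json"""
    return json.dumps(policy, indent=2)


def as_list(value):
    return [value] if isinstance(value, str) else list(value)


def statement_matches(stmt, action, resource, source_ip):
    """Does this statement apply to the request? Only aws:SourceIp conditions are modelled."""
    if not any(fnmatch.fnmatchcase(action, a) for a in as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
        return False
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in stmt.get("Condition", {}).items():
        # strict=False accepts host-style values such as 192.168.0.2/24 (treated as /24)
        ranges = [ipaddress.ip_network(c, strict=False) for c in as_list(keys["aws:SourceIp"])]
        in_range = any(ip in net for net in ranges)
        if operator == "IpAddress" and not in_range:
            return False
        if operator == "NotIpAddress" and in_range:
            return False
    return True


def is_allowed(policy, action, resource, source_ip):
    """Bucket-policy-only decision: an explicit Deny wins, otherwise any matching Allow grants.
    Real requests are also evaluated against IAM identity policies, which this check ignores."""
    allowed = False
    for stmt in policy["Statement"]:
        if statement_matches(stmt, action, resource, source_ip):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    policy = restrict_to_ip_policy()
    print(policy_json(policy))  # paste this into bucketpolicy.json
    obj = f"{BUCKET_ARN}/report.csv"
    for ip in ("203.0.113.25", "198.51.100.7"):
        print(ip, "GetObject ->", is_allowed(policy, "s3:GetObject", obj, ip))
```

Two points worth checking in the output: a request for the bucket ARN itself (without /*) is not covered by the Allow statement, which is why the post insists on the trailing /*, and a DeleteObject request from inside the range is refused because the Allow lists only GetObject and PutObject.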
Terraform
GitHub link
I look forward to you joining this journey: spend at least an hour every day for the next 100 days on DevOps work and post your progress through any of the channels below.
- Twitter: @100daysofdevops OR @lakhera2015
- Facebook: https://www.facebook.com/groups/795382630808645/
- Medium: https://medium.com/@devopslearning
- Slack: https://devops-myworld.slack.com/messages/CF41EFG49/
- GitHub Link: https://github.com/100daysofdevops