将对S3的访问限制为特定的IP地址 [英] Restricting Access to S3 to a Specific IP Address
问题描述
我有一个从AWS S3文档中自定义的存储桶策略,而不是IP地址范围,而是仅更改了一个IP.值区名称是:www.joaquinamenabar.com.IP地址66.175.217.48对应于子域: https://letsdance.joaquinamenabar.com/
I have a bucket policy that I customized from the AWS S3 docs, instead of range of IP addresses, I changed it for just one IP. The bucket name is : www.joaquinamenabar.com. The IP address 66.175.217.48 corresponds to the sub-domain: https://letsdance.joaquinamenabar.com/
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::www.joaquinamenabar.com/*",
"Condition": {
"IpAddress": {"aws:SourceIp": "66.175.217.48"},
"NotIpAddress": {"aws:SourceIp": "66.175.217.48"}
}
}
]
}
这些文件不公开.我使用aws-sdk生成链接,该链接会在一段时间后过期.问题是可以从任何IP访问链接.自从我更改配置以来已经过去了一个多星期.这些更改应该已经传播到这个时候了.您知道此配置有什么问题吗?
The files are not available for public. I generate links using aws-sdk that expires after some time. The problem is the link is accessible from any IP. It has been more than a week since I changed the configuration. The changes should have propagated by this time. Any ideas what is wrong with this configuration?
推荐答案
该策略的效果似乎是允许所有IP的访问(66.175.217.48而不是66.175.217.48).删除NotIpAddress说明符.我认为您可能还需要以CIDR格式指定允许的IP地址:
It looks like the effect of this policy is to allow access from all IP's (66.175.217.48 and not 66.175.217.48). Remove the NotIpAddress specifier. I think you may need to specify the allowed Ip address in CIDR format too:
"IpAddress": {"aws:SourceIp": "66.175.217.48/32"}
这篇关于将对S3的访问限制为特定的IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!