基于IP地址的Amazon S3文件访问策略 [英] Amazon S3 files access policy based on IP Address

问题描述

是否有任何方法可以基于客户端IP地址限制对存储在Amazon S3中的文件的访问?

Is there any way to limit the access of a file stored in Amazon S3 based on the client IP address?

我有一个文件存储在该文件中，只能通过特定的IP地址访问该文件.该怎么做?

I have a file stored there, which should be access only by specific IP address. How to do this?

推荐答案

是的，尽管我自己没有使用过.

Yes there is, although I have not used this myself.

S3支持使用访问策略语言"对存储桶和其中的对象进行精细控制.有特定的白名单和黑名单IP语句可用.但是，您将必须编写APL语句并上载它们.

S3 supports granular control over buckets and objects in them using "Access Policy Language". There is specific whitelist and blacklist IP statements available. You will have to write the APL statements and upload them, however.

http://docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage.html

这是2个条件部分的示例:

Here are 2 condition section examples:

白名单

"Condition" :  {
       "IpAddress" : {
          "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"]
      }
}

黑名单

"Condition" :  {
       "NotIpAddress" : {
          "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"]
      }
}

这篇关于基于IP地址的Amazon S3文件访问策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！