Is aws:SourceVpc condition key present in the request context when interacting with S3 over web console?

故里飘歌
故里飘歌 2021-01-24 06:36

I have a Bucket Policy (listed below) that is supposed to prevent access to an S3 bucket when accessed from anywhere other than a specific VPC. I launched an EC2 instance in the

2 answers
    盖世英雄少女心
    2021-01-24 07:05

    Yes, you are right. I tested the following bucket policy; operations from the AWS S3 console are denied.

    {
        "Version": "2012-10-17",
        "Id": "Policy1589385141624",
        "Statement": [
            {
                "Sid": "Access-to-specific-VPC-only",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::abhxy12bst3",
                    "arn:aws:s3:::abhxy12bst3/*"
                ],
                "Condition": {
                    "StringLike": {
                        "aws:sourceVpc": "vpc-30*"
                    }
                }
            }
        ]
    }
    

    It means there is definitely some VPC id present in the request. It might be the same for each account, or it could be different.
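As an added example (not code from the question or the answer), a small Python evaluator for the IAM String condition operators, run over the policy quoted in the answer and over two constructed request contexts. It also includes the more usual Deny-with-StringNotEquals form of the same rule (the VPC id there is a placeholder) to show how a request that carries no aws:sourceVpc key is treated under a positive versus a negated operator.

```python
from fnmatch import fnmatchcase

RESOURCES = ["arn:aws:s3:::abhxy12bst3", "arn:aws:s3:::abhxy12bst3/*"]

def deny_statement(condition):
    return {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": RESOURCES, "Condition": condition}

# Bucket policy quoted in the answer above: Deny when aws:sourceVpc matches vpc-30*.
POLICY_FROM_ANSWER = {"Version": "2012-10-17", "Statement": [
    deny_statement({"StringLike": {"aws:sourceVpc": "vpc-30*"}})]}
# The usual "only from my VPC" form; the VPC id is a placeholder (assumption).
POLICY_PINNED = {"Version": "2012-10-17", "Statement": [
    deny_statement({"StringNotEquals": {"aws:sourceVpc": "vpc-0123456789abcdef0"}})]}

# Constructed request contexts (not captured from AWS): one carrying a VPC id,
# one with no aws:sourceVpc key at all.
CTX_WITH_VPC = {"aws:SourceVpc": "vpc-30abcdef"}
CTX_NO_VPC = {}

def _lookup(context, key):
    # Condition key names are case-insensitive (aws:sourceVpc == aws:SourceVpc).
    return next((v for k, v in context.items() if k.lower() == key.lower()), None)

def condition_matches(operator, key, expected, context):
    if_exists = operator.endswith("IfExists")
    base = operator[:-len("IfExists")] if if_exists else operator
    negated = base.startswith("StringNot")
    actual = _lookup(context, key)
    if actual is None:
        # Missing key: positive operators are false, negated operators are
        # true, and the ...IfExists suffix makes the condition pass.
        return if_exists or negated
    if base in ("StringEquals", "StringNotEquals"):
        hit = actual == expected
    elif base in ("StringLike", "StringNotLike"):
        hit = fnmatchcase(actual, expected)  # IAM wildcards: * and ?
    else:
        raise ValueError(f"unsupported operator: {operator}")
    return not hit if negated else hit

def statement_applies(statement, context):
    return all(condition_matches(op, key, exp, context)
               for op, pairs in statement.get("Condition", {}).items()
               for key, exp in pairs.items())

def is_denied(policy, context):
    """True if any Deny statement in the policy applies to this request context."""
    return any(s["Effect"] == "Deny" and statement_applies(s, context)
               for s in policy["Statement"])
```

is_denied(POLICY_FROM_ANSWER, CTX_NO_VPC) returns False: a Deny keyed on a positive StringLike cannot fire for a request that lacks the key, which is why an observed deny from the console implies the key was present. With POLICY_PINNED the same keyless request is denied, because the negated operator evaluates to true when the key is missing.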
