Is aws:SourceVpc condition key present in the request context when interacting with S3 over web console?

Backend · unresolved · 2 answers · 1502 views
故里飘歌 2021-01-24 06:36

I have a Bucket Policy (listed below) that is supposed to prevent access to an S3 bucket when accessed from anywhere other than a specific VPC. I launched an EC2 instance in the

2 answers
  • 2021-01-24 07:05

    Yes, you are right. I tested the following bucket policy; operations from the AWS S3 console are denied.

    {
        "Version": "2012-10-17",
        "Id": "Policy1589385141624",
        "Statement": [
            {
                "Sid": "Access-to-specific-VPC-only",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::abhxy12bst3",
                    "arn:aws:s3:::abhxy12bst3/*"
                ],
                "Condition": {
                    "StringLike": {
                        "aws:sourceVpc": "vpc-30*"
                    }
                }
            }
        ]
    }
    

    It means there is definitely some VPC ID present in the request. It might be the same for each account, or it could be different.

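The probe policy above denies only when a VPC ID matching vpc-30* is present; the policy the question actually wants is the inverse (deny unless the request comes from one specific VPC), and that inversion is where the operator choice matters. The following is an added example written for this page, not code from the question or either answer: a small Python simulator of IAM's documented missing-key rules (positive string operators are false when the key is absent, negated ones are true, the IfExists suffix makes an absent key true, and Null tests presence). Whether a console request really carries aws:sourceVpc is the empirical question the answer tested and this simulator cannot settle; what it shows is the consequence of the key being present or absent under each operator. The helper names, the VPC IDs and the request contexts are constructed sample data, not real identifiers.

```python
import fnmatch

# Added example (not from the original post): a minimal simulator of how IAM
# evaluates the Condition block of a Deny statement against a request context,
# modelling only the documented missing-key rules for single-valued string keys.
# VPC IDs, the IP address and the request contexts are constructed sample data.


def condition_true(operator, key, expected, context):
    """Evaluate one condition entry the way IAM does for a single-valued key.

    Missing-key rules modelled:
      * StringEquals / StringLike: false when the key is absent.
      * StringNotEquals / StringNotLike: TRUE when the key is absent, so a Deny
        built on them also catches requests that carry no VPC ID at all.
      * ...IfExists: an absent key makes the condition true (so it does not
        rescue a Deny statement either).
      * Null: {"Null": {"key": "true"}} is true when the key is absent,
        {"Null": {"key": "false"}} is true only when the key is present.
    """
    if_exists = operator.endswith("IfExists")
    base = operator[: -len("IfExists")] if if_exists else operator
    ctx = {k.lower(): v for k, v in context.items()}  # key names are case-insensitive
    actual = ctx.get(key.lower())
    values = expected if isinstance(expected, list) else [expected]

    if base == "Null":
        return (actual is None) == (str(values[0]).lower() == "true")
    if actual is None:
        return if_exists or base.startswith("StringNot")
    if base in ("StringEquals", "StringNotEquals"):
        matched = actual in values
    elif base in ("StringLike", "StringNotLike"):
        matched = any(fnmatch.fnmatchcase(actual, v) for v in values)  # case-sensitive, * and ?
    else:
        raise ValueError(f"operator not modelled: {operator}")
    return matched != base.startswith("StringNot")


def denied_by(policy, context):
    """Return the Sid of the first Deny statement whose conditions all match, or None.

    Principal, Action and Resource are assumed to match, as they do for the
    Principal "*" / s3:* statements discussed on this page.
    """
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        conds = st.get("Condition", {})
        if all(condition_true(op, k, v, context)
               for op, pairs in conds.items() for k, v in pairs.items()):
            return st["Sid"]
    return None


def deny_policy(sid, condition):
    """Build a Deny-all-S3 bucket policy (same shape as the one in the answer) with the given Condition."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": sid,
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::abhxy12bst3", "arn:aws:s3:::abhxy12bst3/*"],
            "Condition": condition,
        }],
    }


VPC = "vpc-30aa11bb"  # hypothetical "allowed" VPC ID
# The probe from the answer above: deny only when a VPC ID like vpc-30* is present.
PROBE = deny_policy("Access-to-specific-VPC-only", {"StringLike": {"aws:sourceVpc": "vpc-30*"}})
# What the question wants: deny everything that is not from VPC. Absent key => denied.
RESTRICT = deny_policy("Deny-unless-from-vpc", {"StringNotEquals": {"aws:sourceVpc": VPC}})
# Same intent with IfExists: in a Deny statement an absent key is still denied.
RESTRICT_IF_EXISTS = deny_policy("Deny-unless-from-vpc", {"StringNotEqualsIfExists": {"aws:sourceVpc": VPC}})
# Only deny when a VPC ID is present AND it is the wrong one; requests without the key pass through.
RESTRICT_WHEN_PRESENT = deny_policy("Deny-other-vpc-only",
                                    {"StringNotEquals": {"aws:sourceVpc": VPC},
                                     "Null": {"aws:sourceVpc": "false"}})

# Constructed request contexts.
CTX_ALLOWED_VPC = {"aws:sourceVpc": VPC}             # via a VPC endpoint in the allowed VPC
CTX_OTHER_VPC = {"aws:sourceVpc": "vpc-99ff00ee"}    # via an endpoint in some other VPC
CTX_NO_VPC = {"aws:SourceIp": "203.0.113.10"}        # no VPC key in the context at all


def outcomes():
    """Deny Sid (or None) for every policy/context pair, keyed by (policy, context) name."""
    policies = {"probe": PROBE, "restrict": RESTRICT,
                "restrict_if_exists": RESTRICT_IF_EXISTS, "restrict_when_present": RESTRICT_WHEN_PRESENT}
    contexts = {"allowed_vpc": CTX_ALLOWED_VPC, "other_vpc": CTX_OTHER_VPC, "no_vpc": CTX_NO_VPC}
    return {(p, c): denied_by(pol, ctx) for p, pol in policies.items() for c, ctx in contexts.items()}


if __name__ == "__main__":
    for (p, c), sid in outcomes().items():
        print(f"{p:22} {c:12} -> {'DENY ' + sid if sid else 'no explicit deny'}")
```

Running the block prints one line per pair; the rows worth noting are that the plain StringNotEquals Deny and its IfExists variant both deny a request with no aws:sourceVpc in the context, while the version that adds a Null check denies only requests that arrive with a different VPC ID. If the console really does inject a VPC ID, as the answer's test suggests, the Null check will not help for the console either; it only changes behaviour for requests that carry no key.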
  • 2021-01-24 07:08

    This will apply to all requests interacting with S3. The console just provides a GUI on top of the AWS API.
