Amazon S3 objects: is it possible to restrict public read policy to some IP addresses only?

时间秒杀一切 submitted on 2019-12-08 09:54:08

Question


I have a bucket with a public read policy. Now I want to restrict access to some of the objects so that they are accessible only from some IP addresses. Is this possible?

I also plan to add CloudFront. What should I do to keep the same settings on each object?

Thanks!


Answer 1:


You can use an S3 bucket policy. However, instead of individual files, it will be applied to individual folders in the bucket. You can use a policy like the following:

    {
        "Version": "2008-10-17",
        "Id": "testPolicy",
        "Statement": [
            {
                "Sid": "1",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::bucketname/subfolder/subfolder2/*",
                "Condition": {
                    "IpAddress": {
                        "aws:SourceIp": [
                            "xxx.xxx.xxx.xxx/xx",
                            "xxx.xxx.xxx.xxx/xx"
                        ]
                    }
                }
            }
        ]
    }

Use your bucket name, folder names, and IPs.

Note: Please try it first on a non-production bucket.
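
An added example, not part of the original answer: a simplified local model of bucket-policy evaluation (explicit Deny wins, then any Allow, otherwise implicit deny) applied to the answer's statement. It assumes the bucket's existing public-read statement is an Allow on `bucketname/*`; the CIDR, object keys, and helper names are constructed for illustration.

```python
import fnmatch
import ipaddress

def _as_list(v):
    return [v] if isinstance(v, str) else list(v)

def _cond_ok(cond, src_ip):
    """Only IpAddress / NotIpAddress on aws:SourceIp are modelled."""
    ip = ipaddress.ip_address(src_ip)
    for op, body in cond.items():
        if op not in ("IpAddress", "NotIpAddress"):
            raise ValueError("unmodelled condition operator: " + op)
        nets = [ipaddress.ip_network(c, strict=False) for c in _as_list(body["aws:SourceIp"])]
        if any(ip in n for n in nets) != (op == "IpAddress"):
            return False
    return True

def can_get(policy, key, src_ip, bucket="bucketname"):
    """Simplified model: explicit Deny wins, then any Allow, else implicit deny."""
    arn = "arn:aws:s3:::%s/%s" % (bucket, key)
    allowed = False
    for st in policy["Statement"]:
        if "s3:GetObject" not in _as_list(st["Action"]):
            continue
        # fnmatch stands in for ARN wildcard matching (only '*' is used in these samples)
        if not any(fnmatch.fnmatchcase(arn, r) for r in _as_list(st["Resource"])):
            continue
        if not _cond_ok(st.get("Condition", {}), src_ip):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def stmt(effect, resource, condition=None):
    s = {"Effect": effect, "Principal": {"AWS": "*"}, "Action": "s3:GetObject", "Resource": resource}
    if condition:
        s["Condition"] = condition
    return s

PREFIX = "arn:aws:s3:::bucketname/subfolder/subfolder2/*"
CIDRS = ["203.0.113.0/24"]  # constructed sample range (TEST-NET-3)
public_read = stmt("Allow", "arn:aws:s3:::bucketname/*")  # assumed existing public-read statement
ip_allow = stmt("Allow", PREFIX, {"IpAddress": {"aws:SourceIp": CIDRS}})  # statement from the answer
ip_deny = stmt("Deny", PREFIX, {"NotIpAddress": {"aws:SourceIp": CIDRS}})  # explicit-deny variant

ANSWER_ONLY = {"Statement": [ip_allow]}             # public-read statement removed
WITH_PUBLIC = {"Statement": [public_read, ip_allow]}  # public-read statement left in place
WITH_DENY = {"Statement": [public_read, ip_deny]}     # public read kept, prefix denied off-range
```

In this model the answer's statement restricts reads only when no broader Allow remains in the policy. With the assumed public-read statement kept, the Deny/NotIpAddress variant is what limits the prefix to the listed range.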



Source: https://stackoverflow.com/questions/14622411/amazon-s3-objects-is-it-possible-to-restrict-public-read-policy-to-some-ip-adre
