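How do I set a bucket policy in S3 that allows static website hosting while restricting access to files from certain IPs?
For reference, this is a sample bucket policy for static web hosting: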
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::example-bucket/*"]
    }
  ]
}
Answer 0: (score: 0)
Add a condition to deny certain IP addresses or a range of IP addresses. For example, you can use:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::example-bucket/*"],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": ["200.1.11.123"]
        }
      }
    }
  ]
}
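
An added example (not part of the answer above, and not AWS's own evaluation code): a simplified Python model of how the `NotIpAddress` condition on the Allow statement plays out per source IP, next to an alternative form that keeps the public Allow and adds an explicit Deny with `IpAddress`. It assumes every request is an anonymous `s3:GetObject` on an object in `example-bucket`; the `198.51.100.0/24` range, the `DenyBlockedIps` Sid and all function names are constructed for illustration.

```python
import ipaddress

BLOCKED = ["200.1.11.123", "198.51.100.0/24"]  # page's IP plus a constructed CIDR range
BASE = {"Principal": "*", "Action": ["s3:GetObject"],
        "Resource": ["arn:aws:s3:::example-bucket/*"]}

# Form used in the answer: the public Allow simply does not apply to blocked IPs.
ALLOW_EXCEPT = {"Version": "2012-10-17", "Statement": [
    {**BASE, "Sid": "PublicReadGetObject", "Effect": "Allow",
     "Condition": {"NotIpAddress": {"aws:SourceIp": BLOCKED}}}]}

# Alternative form: unconditional public Allow plus an explicit Deny for blocked IPs.
ALLOW_PLUS_DENY = {"Version": "2012-10-17", "Statement": [
    {**BASE, "Sid": "PublicReadGetObject", "Effect": "Allow"},
    {**BASE, "Sid": "DenyBlockedIps", "Effect": "Deny",
     "Condition": {"IpAddress": {"aws:SourceIp": BLOCKED}}}]}


def ip_in_list(source_ip, cidrs):
    """True if source_ip falls in any entry; a bare address is treated as a /32."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def condition_matches(condition, source_ip):
    """Simplified model: only IpAddress / NotIpAddress on aws:SourceIp."""
    for operator, keys in condition.items():
        values = keys["aws:SourceIp"]
        hit = ip_in_list(source_ip, [values] if isinstance(values, str) else values)
        if operator == "IpAddress":
            ok = hit
        elif operator == "NotIpAddress":
            ok = not hit
        else:
            raise ValueError(f"operator not modelled: {operator}")
        if not ok:
            return False
    return True


def evaluate(policy, source_ip):
    """Explicit Deny wins, then any matching Allow, otherwise implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if condition_matches(stmt.get("Condition", {}), source_ip):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision
```

With the answer's form a blocked IP ends in an implicit deny, which another Allow that matches the same request can still override; the explicit Deny form cannot be overridden by any Allow.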