Amazon S3 bucket policy for hosting a static website and blacklisting IPs

Time: 2015-02-13 14:12:05

Tags: amazon-s3

How do I set up a bucket policy in S3 that allows static website hosting while restricting certain IPs from accessing the files?

For reference, here is the example bucket policy for static website hosting:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::example-bucket/*"]
    }
  ]
}

1 answer:

Answer 0: (score: 0)

Add a condition to deny certain IP addresses or a range of IP addresses. For example, you could use:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::example-bucket/*"],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": ["200.1.11.123"]
        }
      }
    }
  ]
}
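To check how the answer's condition actually behaves before deploying it, here is an added Python example (not from the question, the answer, or AWS) that evaluates a simplified version of the policy logic for the aws:SourceIp condition: an explicit Deny wins, an Allow whose NotIpAddress condition fails simply does not apply, and anything not allowed is implicitly denied. It assumes exact action matching and skips Principal and Resource matching, and it extends the blocklist with a constructed CIDR range that the original answer does not include.

```python
import ipaddress
import json

# Constructed sample: the answer's policy, extended with a CIDR block so that
# range matching is exercised as well (the page lists a single address only).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadGetObject",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::example-bucket/*"],
    "Condition": {
      "NotIpAddress": {"aws:SourceIp": ["200.1.11.123", "198.51.100.0/24"]}
    }
  }]
}
""")


def _ip_matches(source_ip, networks):
    """True if source_ip falls inside any listed address or CIDR block."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def _condition_holds(condition, source_ip):
    """Evaluate only IpAddress / NotIpAddress on aws:SourceIp (assumption:
    any other condition operator is treated as not satisfied)."""
    for operator, kv in condition.items():
        values = kv.get("aws:SourceIp", [])
        if operator == "IpAddress" and not _ip_matches(source_ip, values):
            return False
        if operator == "NotIpAddress" and _ip_matches(source_ip, values):
            return False
        if operator not in ("IpAddress", "NotIpAddress"):
            return False
    return True


def is_allowed(policy, action, source_ip):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny."""
    decision = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions:
            continue
        if not _condition_holds(stmt.get("Condition", {}), source_ip):
            continue  # statement does not apply to this request
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision
```

Because the listed address is only excluded from the Allow, it falls through to the implicit deny; an explicit Deny statement with an IpAddress condition would give the same result here and would also override any other Allow added later.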