How can I restrict IP addresses dynamically and release them after 24hrs?

0

I want to restrict the IP address for some hours (say 24 hrs) for those who query my AWS S3 bucket (public read only) at more than 100/second, as they might be spam and want to harm my business by increasing traffic and raising my AWS costs. So far I have not found any policy example to perform this. How can I restrict these types of IP addresses dynamically and release them after 24 hrs?

asked a year ago, 308 views
2 Answers
1

Unfortunately there isn't an easy one-click option AFAIK. One way I can think of that this could be achieved is that you would need to enable server access logs for your S3 bucket; these would contain the source request information you require.

You would then need to process these logs. You could use Lambda to send the data to a log aggregation service like OpenSearch, where you can perform the processing and take action (see this blog). Another option is to have a Step Functions workflow run on a schedule that uses Athena to query the logs and take action (update your bucket policy to block). The main difference between these two options is how close to real time you need to process the logs and put the block in place.

AWS
EXPERT
Peter_G
answered a year ago
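The scheduled variant of the approach above, as an added example that is not part of the answer or any AWS sample: parse S3 server access log lines, find source IPs that exceeded 100 requests in any single second, keep them on a block list whose entries expire after 24 hours, and render the Deny statement to merge into the existing public-read bucket policy. The bucket name `examplebucket`, the statement Sid `DenyAbusiveSourceIps`, and the log lines themselves are constructed for the example; only the first four columns of each line are parsed. Applying the rendered policy (`put_bucket_policy`) and persisting the block list between runs are left to the caller.

```python
"""
Rate-limit enforcement from S3 server access logs: find source IPs that exceed
a requests-per-second threshold, keep them on a block list that expires after
24 hours, and render the corresponding Deny statement for the bucket policy.
"""
import json
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

RATE_LIMIT = 100                      # requests per second per source IP (from the question)
BLOCK_DURATION = timedelta(hours=24)  # how long an offender stays blocked
BLOCK_SID = "DenyAbusiveSourceIps"    # assumed Sid used to find and replace our statement

# Leading fields of an S3 server access log record: bucket owner, bucket,
# [time], remote IP. The bracketed time contains a space, so a plain split()
# would misalign the columns.
LOG_RE = re.compile(r"^(\S+) (\S+) \[([^\]]+)\] (\S+) ")
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_record(line):
    """Return (timestamp, remote_ip) for one access log line, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return datetime.strptime(m.group(3), TIME_FMT), m.group(4)

def find_offenders(lines, limit=RATE_LIMIT):
    """Map ip -> peak requests in any single second, for IPs that exceeded `limit`."""
    per_second = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is not None:
            ts, ip = rec
            per_second[(ip, ts.replace(microsecond=0))] += 1
    peaks = {}
    for (ip, _), n in per_second.items():
        if n > limit:
            peaks[ip] = max(n, peaks.get(ip, 0))
    return peaks

def update_blocklist(blocklist, offenders, now, duration=BLOCK_DURATION):
    """blocklist maps ip -> expiry (aware datetime). Block new offenders for `duration`,
    leave existing expiries unchanged, and drop entries whose time is up."""
    updated = {ip: exp for ip, exp in blocklist.items() if exp > now}
    for ip in offenders:
        updated.setdefault(ip, now + duration)
    return updated

def source_ip_cidr(ip):
    """aws:SourceIp matches CIDR ranges; a single host is /32 (IPv4) or /128 (IPv6)."""
    return f"{ip}/128" if ":" in ip else f"{ip}/32"

def render_policy(bucket, blocklist, existing_policy):
    """Return a bucket policy with every existing statement kept and our Deny statement
    replaced (or omitted when nobody is blocked: an empty aws:SourceIp list is invalid)."""
    statements = [s for s in existing_policy.get("Statement", []) if s.get("Sid") != BLOCK_SID]
    if blocklist:
        statements.append({
            "Sid": BLOCK_SID,
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": sorted(map(source_ip_cidr, blocklist))}},
        })
    policy = {"Version": "2012-10-17", "Statement": statements}
    # Bucket policies are capped at 20 KB; a block list that outgrows this needs WAF instead.
    if len(json.dumps(policy)) > 20 * 1024:
        raise ValueError("bucket policy would exceed the 20 KB limit")
    return policy

# --- Constructed sample data (not real log output) ---------------------------------
def make_record(ip, ts):
    """A constructed S3 server access log line with a realistic field layout."""
    return (f"79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be examplebucket "
            f"[{ts.strftime(TIME_FMT)}] {ip} - 3E57427F3EXAMPLE REST.GET.OBJECT photos/1.jpg "
            f'"GET /photos/1.jpg HTTP/1.1" 200 - 1024 1024 7 5 "-" "curl/8.0" - - SigV4 '
            f"- AuthHeader examplebucket.s3.us-east-1.amazonaws.com TLSv1.2")

T0 = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)   # first request in the sample
NOW = T0 + timedelta(minutes=5)                              # when the scheduled job runs
SAMPLE_LOG = (
    [make_record("192.0.2.3", T0) for _ in range(150)]                                 # 150 req/s
    + [make_record("198.51.100.7", T0 + timedelta(seconds=i % 2)) for i in range(20)]  # 10 req/s
)
PUBLIC_READ_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::examplebucket/*"}]}

if __name__ == "__main__":
    blocked = update_blocklist({}, find_offenders(SAMPLE_LOG), NOW)
    print(json.dumps(render_policy("examplebucket", blocked, PUBLIC_READ_POLICY), indent=2))
```

Two points worth keeping in mind when running this on a schedule: an explicit Deny with `Principal: "*"` also blocks authenticated requests from the listed addresses, including your own if an office NAT ever trips the threshold, so exempt known ranges before rendering; and the release after 24 hours only happens when the job runs again and re-renders the policy, so the schedule interval bounds how late a release can be.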
0

Another approach is to front the bucket with CloudFront and dynamically update a WAF ACL with a deny list. You could send the CloudFront logs to S3 and use Athena to query them. This has the added benefit of not having a public bucket.

AWS
EXPERT
kentrad
answered a year ago
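The CloudFront and WAF variant, as an added example that is not part of the answer or of any AWS sample code: parse CloudFront standard (tab-separated) logs using their `#Fields:` header, work out each client's peak requests per second, and reconcile a block list that expires after 24 hours into the address lists a WAF IP set accepts. WAF IP sets take CIDR notation and hold one address family each, so IPv4 and IPv6 offenders are split; the update call needs the `LockToken` returned by `get_ip_set`, and CloudFront-scoped WAF resources are managed through the us-east-1 endpoint. The log rows, the timestamps, and the IP set names in the comments are constructed for the example; the rule that references the IP set in the web ACL with a Block action, and the store that keeps the block list between runs, are assumed to exist already.

```python
"""
Offender detection from CloudFront standard logs and reconciliation into
a WAF IP set, with entries released after 24 hours.
"""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

def parse_cloudfront_log(text):
    """Yield (utc_timestamp, client_ip) from CloudFront standard log text.
    Column positions come from the #Fields header, so added columns do not break parsing."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data row before #Fields header")
        row = dict(zip(fields, line.split("\t")))
        ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        yield ts.replace(tzinfo=timezone.utc), row["c-ip"]

def peak_rate_per_ip(records):
    """Highest number of requests each source IP made within any single second."""
    per_second = Counter((ip, ts.replace(microsecond=0)) for ts, ip in records)
    peak = defaultdict(int)
    for (ip, _), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return dict(peak)

def reconcile(blocklist, peaks, now, limit=100, duration=timedelta(hours=24)):
    """blocklist maps ip -> expiry. Drop expired entries, block new offenders for `duration`
    without re-arming the expiry of IPs already blocked, and return
    (new_blocklist, ipv4_cidrs, ipv6_cidrs): WAF wants CIDRs and one address family per IP set."""
    updated = {ip: exp for ip, exp in blocklist.items() if exp > now}
    for ip, n in peaks.items():
        if n > limit:
            updated.setdefault(ip, now + duration)
    v4, v6 = [], []
    for ip in updated:
        addr = ipaddress.ip_address(ip)
        (v4 if addr.version == 4 else v6).append(f"{addr}/{addr.max_prefixlen}")
    return updated, sorted(v4), sorted(v6)

def push_ip_set(name, ip_set_id, addresses):
    """Replace the contents of a CloudFront-scoped WAF IP set (needs AWS credentials).
    update_ip_set requires the LockToken from the most recent get_ip_set (optimistic locking),
    and CLOUDFRONT scope is only served from us-east-1."""
    import boto3  # imported here so the offline parts of the example run without it
    waf = boto3.client("wafv2", region_name="us-east-1")
    current = waf.get_ip_set(Name=name, Scope="CLOUDFRONT", Id=ip_set_id)
    waf.update_ip_set(Name=name, Scope="CLOUDFRONT", Id=ip_set_id,
                      Addresses=addresses, LockToken=current["LockToken"])

# --- Constructed sample data (not real log output) ---------------------------------
CF_FIELDS = ("#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem "
             "sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) x-edge-result-type "
             "x-edge-request-id x-host-header cs-protocol cs-bytes time-taken x-forwarded-for "
             "ssl-protocol ssl-cipher x-edge-response-result-type cs-protocol-version fle-status "
             "fle-encrypted-fields c-port time-to-first-byte x-edge-detailed-result-type "
             "sc-content-type sc-content-len sc-range-start sc-range-end")

def cf_row(date, time, ip):
    """A constructed CloudFront standard log row in the CF_FIELDS column order."""
    return "\t".join([date, time, "IAD89-C1", "2048", ip, "GET", "d111111abcdef8.cloudfront.net",
                      "/photos/1.jpg", "200", "-", "curl/8.0", "-", "-", "Hit", "abc123EXAMPLE",
                      "d111111abcdef8.cloudfront.net", "https", "120", "0.002", "-", "TLSv1.3",
                      "TLS_AES_128_GCM_SHA256", "Hit", "HTTP/2.0", "-", "-", "443", "0.001",
                      "Hit", "image/jpeg", "2048", "-", "-"])

SAMPLE_CF_LOG = "\n".join(
    ["#Version: 1.0", CF_FIELDS]
    + [cf_row("2024-05-01", "12:00:00", "192.0.2.3") for _ in range(150)]               # 150 req/s
    + [cf_row("2024-05-01", "12:00:03", "2001:db8::9") for _ in range(101)]             # 101 req/s
    + [cf_row("2024-05-01", f"12:00:0{i % 2}", "198.51.100.7") for i in range(20)]      # 10 req/s
)
NOW = datetime(2024, 5, 1, 12, 5, tzinfo=timezone.utc)   # when the scheduled job runs

if __name__ == "__main__":
    peaks = peak_rate_per_ip(parse_cloudfront_log(SAMPLE_CF_LOG))
    blocked, v4, v6 = reconcile({}, peaks, NOW)
    print("IPv4 set:", v4, "IPv6 set:", v6)
    # push_ip_set("abusive-ipv4", "<ip-set-id>", v4)   # assumed IP set name and id
```

Not re-arming the expiry of an address that is already on the list is deliberate: if the client keeps hammering the distribution while blocked and those requests still get counted on the next run, refreshing the expiry each time would turn a 24-hour block into a permanent one.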
