By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Is this possible to set different condition in the Policy on S3 bucket ?

0

we have whitelisted some set of IP's and VPC on S3 bucket so that only whitelisted users can access those objects URL.

But we also want to serve same set of objects through Cloudfront as well.This Cloudfront URL will be used internally only.Can we add them as well ? Any recommendations in the below policy which needs to be set ?

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Statement2", "Effect": "Allow", "Principal": "", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::toch-poc-2/", "Condition": { "ForAnyValue:StringEqualsIfExists": { "aws:SourceVpc": "vpc-01da38acfdde46edd" } } }, { "Sid": "Statement2", "Effect": "Allow", "Principal": "", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::toch-poc-2/", "Condition": { "IpAddress": { "aws:SourceIp": [ "43.204.223.244/32", "34.126.80.246/32", "34.142.191.139/32", "34.143.188.86/32", "49.249.215.66/32", "15.207.175.132/32", "10.190.3.0/24" ] } } } ] }

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
Dhaval
asked 10 months ago240 views
2 Answers
0
Accepted Answer

Yes, this is possible by using CloudFront Origin Access Control and adding a statement to bucket policy to allow this. Then use a WAF ACL to allow only your CIDR addresses to access the distribution.

profile pictureAWS
EXPERT
kentrad
answered 10 months ago
profile picture
EXPERT
Riku_Kobayashi
reviewed 10 months ago
profile picture
EXPERT
Sedat Salman
reviewed 10 months ago
profile picture
EXPERT
Hiroki Takahashi
reviewed 10 months ago
0

thanks.This worked

Dhaval
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content