We have whitelisted a set of IPs and a VPC on the S3 bucket so that only whitelisted users can access the object URLs.
But we also want to serve the same set of objects through CloudFront. This CloudFront URL will be used internally only. Can we add CloudFront to this policy as well?
Are there any recommendations for what needs to be set in the policy below?
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement2",
"Effect": "Allow",
"Principal": "",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::toch-poc-2/",
"Condition": {
"ForAnyValue:StringEqualsIfExists": {
"aws:SourceVpc": "vpc-01da38acfdde46edd"
}
}
},
{
"Sid": "Statement2",
"Effect": "Allow",
"Principal": "",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::toch-poc-2/",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"43.204.223.244/32",
"34.126.80.246/32",
"34.142.191.139/32",
"34.143.188.86/32",
"49.249.215.66/32",
"15.207.175.132/32",
"10.190.3.0/24"
]
}
}
}
]
}