Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Is this possible to set different condition in the Policy on S3 bucket ?

0

we have whitelisted some set of IP's and VPC on S3 bucket so that only whitelisted users can access those objects URL.

But we also want to serve same set of objects through Cloudfront as well.This Cloudfront URL will be used internally only.Can we add them as well ? Any recommendations in the below policy which needs to be set ?

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Statement2", "Effect": "Allow", "Principal": "", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::toch-poc-2/", "Condition": { "ForAnyValue:StringEqualsIfExists": { "aws:SourceVpc": "vpc-01da38acfdde46edd" } } }, { "Sid": "Statement2", "Effect": "Allow", "Principal": "", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::toch-poc-2/", "Condition": { "IpAddress": { "aws:SourceIp": [ "43.204.223.244/32", "34.126.80.246/32", "34.142.191.139/32", "34.143.188.86/32", "49.249.215.66/32", "15.207.175.132/32", "10.190.3.0/24" ] } } } ] }

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
asked 3 years ago402 views
2 Answers
1
Accepted Answer

Yes, this is possible by using CloudFront Origin Access Control and adding a statement to bucket policy to allow this. Then use a WAF ACL to allow only your CIDR addresses to access the distribution.

AWS
EXPERT
answered 3 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 3 years ago
EXPERT
reviewed 3 years ago
EXPERT
reviewed 3 years ago
0

thanks.This worked

answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content