How can I restrict IP addresses dynamically and release them after 24hrs?

0

I want to restrict the IP address for some hours(say 24 hrs), for those who query to my AWS s3 bucket(public read only) for more than 100/second. As they might be spam and wanted to harm my business by increasing traffic and raising my AWS costing. So far I have not found any policy example to perform this. How can I restrict these type of IP addresses dynamically and release them after 24hrs?

已提問 1 年前檢視次數 322 次
2 個答案
1

Unfortunately there isn't an easy one click option afaik - One way I can think of this could be achieved is you would need to enable server access logs for your s3 bucket - this would contain the source request information you require.

You would then need to process these logs. You could use lambda to send the data to a log aggregation service like Opensearch where you can perform the processing and take action - see this blog. Another option is have a step function run on a schedule to use Athena to query the logs and take action (update your bucket policy to block). The main difference between these two options is how real time you need to process the logs and put the block in place

AWS
專家
Peter_G
已回答 1 年前
0

Another approach is to front the bucket with CloudFront and dynamically update a WAF ACL with a deny list. You could send the CloudFront logs to S3 and use Athena to query. This has the added benefit of not having a public bucket.

profile pictureAWS
專家
kentrad
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南