将对S3的访问限制为特定的IP地址
[英]Restricting Access to S3 to a Specific IP Address
问题描述
I have a bucket policy that I customized from the AWS S3 docs, instead of range of IP addresses, I changed it for just one IP. 
我有一个从AWS S3文档中自定义的存储桶策略,而不是IP地址范围,而是仅更改了一个IP。 The bucket name is : www.joaquinamenabar.com. 存储桶名称是:www.joaquinamenabar.com。 The IP address 66.175.217.48 corresponds to the sub-domain: https://letsdance.joaquinamenabar.com/ IP地址66.175.217.48对应于以下子域: https ://letsdance.joaquinamenabar.com/
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::www.joaquinamenabar.com/*",
"Condition": {
"IpAddress": {"aws:SourceIp": "66.175.217.48"},
"NotIpAddress": {"aws:SourceIp": "66.175.217.48"}
}
}
]
}
The files are not available for public. 这些文件不公开。 I generate links using aws-sdk that expires after some time. 我使用aws-sdk生成链接,该链接在一段时间后过期。 The problem is the link is accessible from any IP. 问题是可以从任何IP访问链接。 It has been more than a week since I changed the configuration. 自从我更改配置以来已经过去了一个多星期。 The changes should have propagated by this time. 到此时更改应该已经传播。 Any ideas what is wrong with this configuration? 有任何想法该配置有什么问题吗?
1 个解决方案
解决方案1
2 2018-07-15 17:54:41
It looks like the effect of this policy is to allow access from all IP's (66.175.217.48 and not 66.175.217.48). 看起来,此策略的效果是允许所有IP都进行访问(66.175.217.48,而不是66.175.217.48)。 Remove the NotIpAddress specifier. 删除NotIpAddress说明符。 I think you may need to specify the allowed Ip address in CIDR format too: 我认为您可能还需要以CIDR格式指定允许的IP地址:
"IpAddress": {"aws:SourceIp": "66.175.217.48/32"}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.