[英]S3 access policy to allow download to a specific IP address
I'm trying to implement a batch virus scanner.我正在尝试实现批处理病毒扫描程序。 I have a cron job set up to periodically scan unscanned files stored on S3.
我设置了一个 cron 作业来定期扫描存储在 S3 上的未扫描文件。 Whenever I try to wget the file, I get a
403
.每当我尝试 wget 文件时,我都会收到
403
。
I've set up this policy:我已经制定了这个政策:
{
"Version": "2012-10-17",
"Id": "S3PolicyIPRestrict",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "ip of my address/32"
}
}
}
]
}
Any idea what I'm doing wrong?知道我做错了什么吗?
Use the below bucket policy if you want to allow specfic ip address to access the files on s3 bucket.如果您想允许特定 IP 地址访问 s3 存储桶上的文件,请使用以下存储桶策略。
{ "Version": "2012-10-17", "Id": "S3PolicyId1", "Statement": [ { "Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": [ "arn:aws:s3:::<bucket>", "arn:aws:s3:::<bucket>/*" ], "Condition": { "IpAddress": { "aws:SourceIp": "<IP>/32" } } } ] }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.