S3 Restrict IP Addresses

Here’s the policy to restrict access to S3 bucket to certain IP addresses.

{
    "Version": "2012-10-17",
    "Id": "S3PolicyIPRestrict",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*" 
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*",
            "Condition" : {
                "IpAddress" : {
                    "aws:SourceIp": "10.10.10.0/24" 
                },
                "NotIpAddress" : {
                    "aws:SourceIp": "10.10.10.100/32" 
                } 
            } 
        } 
    ]
}

Allow anyone in the 10.10.10.0/24 network except for 10.10.10.100/32.

Sign up