Articles on: Object storage

S3cmd: protect bucket access based on IP address

Prerequisites


Have configured s3cmd on your computer

S3 - IP-based bucket access protection
It is possible to protect bucket access based on IP address.
This can be achieved by modifying the policy associated with the bucket.

Setting up IP protection


Create a file on your local machine containing the following lines:

{
    "Version": "2012-10-17",
    "Id": "S3PolicyIPRestrict",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Deny",
            "Principal":{
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::<bucket_name>",
                "arn:aws:s3:::<bucket_name>/*"
            ],
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": "xx.xx.xx.xx/xx"
                }
            }
        }
    ]
}


Apply policy :

s3cmd setpolicy /path/from/file/file_name s3://<bucket_name>



Check the policy: 

s3cmd info s3://<nom_du_bucket>


Delete policy:

s3cmd delpolicy s3://<nom_du_bucket>

Updated on: 05/01/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!