AWS restrict bucket access

Question

So I have a bucket where are hosted front project and am using CloudFront. so I want to restrict access to the bucket. site must be visible only from current IP addresses. I searched and found that in the current bucket->permissions, there is a bucket policy. and the bucket policy must be something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowTrustedIPs",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-project-dev/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "my-office-ip/32"
                }
            }
        }
    ]
}

but when I added this policy site was blocked. Access Denied. but from my office ip it must be visible. but it was not. so I really don't understand what am doing wrong. I used aws docks example... Can someone help me, please...

am checking my current ip, and then adding it to bucket policy. — Boychik, Aug 30 '23 at 06:56
How to check that? on whatismyipaddress.com am getting 212.80.128.186 this ip. its my office ip. and in policy i have this "aws:SourceIp": "212.80.128.186/32" — Boychik, Aug 30 '23 at 07:44
Cloud front has its own IP. Why would you use your own, if you use cloud front? — Marcin, Aug 30 '23 at 07:46
my task is that i have site www.something.com and the project that is used on this site is on X bucket, so i want to block this www.something.com site and it must be accessed only from office. only from this ip: 212.80.128.186 — Boychik, Aug 30 '23 at 08:43
If you use cloudfront, you have to use cloudfront + waf to limit access to it. Not bucket policy. — Marcin, Aug 30 '23 at 08:50
okay, i understand now. thanks for info. one more question, but if i added office ip to bucket policy,why i can't enter bucket? when am in office ? — Boychik, Aug 30 '23 at 08:52

AWS restrict bucket access

0 Answers0