Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?

seenagapeFebruary 12, 2016

A.
Create a bucket policy and apply it to the bucket

B.
Create a NACL and attach it to the VPC of the bucket

C.
Create an ACL and apply it to all objects in the bucket

D.
Modify the IAM policies of any users that would access the bucket

Explanation:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html

7 Comments on “Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?”

Seth says:

June 10, 2016 at 12:22 am

I agree that A is the answer. S3 ACL cannot be used for IP addresses.

0

0

Reply
CLOUD ABINAV says:

November 26, 2016 at 5:20 am

why can’t D??

0

0

Reply
1. guy says:
  
  January 18, 2018 at 11:07 am
  
  D is a user and not an IP
  
  0
  
  0
  
  Reply
nyara says:

December 25, 2016 at 9:37 am

a

0

0

Reply
Leonardo Giallusi says:

January 2, 2017 at 3:52 pm

{
“Version”: “2012-10-17”,
“Id”: “S3PolicyId1”,
“Statement”: [
{
“Sid”: “IPAllow”,
“Effect”: “Allow”,
“Principal”: “*”,
“Action”: “s3:*”,
“Resource”: “arn:aws:s3:::examplebucket/*”,
“Condition”: {
“IpAddress”: {“aws:SourceIp”: “54.240.143.0/24”},
“NotIpAddress”: {“aws:SourceIp”: “54.240.143.188/32”}
}
}
]
}

1

0

Reply
BDA says:

February 12, 2017 at 8:21 am

A

0

0

Reply
dong says:

February 8, 2018 at 10:31 pm

A

0

0

Reply