Open Ramnikov opened 3 years ago
That's more of an AWS S3 question ... How about this blog post - How can I restrict access to my Amazon S3 bucket using specific VPC endpoints or IP addresses?
From where are you trying to access the S3 bucket? Organization VPN? AWS VPC? From home? ...
Hi Mair, many thanks for your reply.
In the end I have set my S3 policy this way:
```yaml
BuildBadgesImagesBucketPolicy:
  DependsOn: BuildBadgesImagesBucket
  Type: 'AWS::S3::BucketPolicy'
  Properties:
    PolicyDocument:
      Id: BuildBadgesImagesBucketPolicy-dev
      Version: 2012-10-17
      Statement:
        - Sid: PublicReadForGetBucketObjects
          Effect: Allow
          Principal: '*'
          Action: 's3:GetObject'
          Resource: !Sub 'arn:aws:s3:::${AppName}-badges-images-${Stage}/*'
          Condition:
            IpAddress:
              'aws:SourceIp':
                - "xx.xx.xx.xx"
                - "xx.xx.xx.xx"
                - "xx.xx.xx.xx"
                - "xx.xx.xx.xx"
                - "xx.xx.xx.xx"
    Bucket: !Ref BuildBadgesImagesBucket
```
Not sure if this is the best way.
Concerning your question, I am trying to access the S3 from AWS VPC that is behind a VPN. If you have any tips on how to make it better, I would be more than happy to try.
Many thanks for your support. Stay safe. We all support IS.
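A way to check a policy shaped like the one in the comment above before deploying it, as an added example that is not part of the original thread: it lists `Allow` statements that are open to `*` with no `aws:SourceIp` condition or with an overly wide one. The function names, the sample CIDRs and the /8 and /32 width thresholds are assumptions of this example.

```python
import ipaddress

# Constructed sample mirroring the statement shape posted above; the CIDRs are
# documentation ranges (RFC 5737), not values from the thread.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicReadForGetBucketObjects", "Effect": "Allow",
     "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.10/32", "198.51.100.0/24"]}}},
    {"Sid": "TooWide", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}},
    {"Sid": "NoCondition", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    return principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def _source_cidrs(statement):
    cond = statement.get("Condition", {}).get("IpAddress", {})
    for key, value in cond.items():  # condition key names are case-insensitive
        if key.lower() == "aws:sourceip":
            return [ipaddress.ip_network(v, strict=False) for v in _as_list(value)]
    return []

def unrestricted_statements(policy, min_prefix_v4=8, min_prefix_v6=32):
    """Return Sids of Allow statements open to '*' without a narrow aws:SourceIp."""
    # Assumption of this example: ranges wider than /8 (IPv4) or /32 (IPv6) count as public.
    limit = {4: min_prefix_v4, 6: min_prefix_v6}
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow" or not _is_wildcard(st.get("Principal")):
            continue
        cidrs = _source_cidrs(st)
        if not cidrs or any(c.prefixlen < limit[c.version] for c in cidrs):
            findings.append(st.get("Sid", "<no Sid>"))
    return findings

def ip_allowed(statement, source_ip):
    """True if source_ip falls inside any aws:SourceIp CIDR of the statement."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in _source_cidrs(statement))
```

`aws:SourceIp` is matched against the public address a request arrives from; requests that reach S3 through a VPC endpoint do not carry it, so a policy like this has to list the VPN or NAT egress addresses rather than private VPC addresses.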
Thank you @Ramnikov, that is very heartwarming.
Regarding your question, I'm still not 100% sure what your infrastructure looks like. Could you elaborate a bit more? For example -
The thing that confuses me is "VPC behind a VPN"
Hi, currently the S3 bucket is publicly accessible. In my project it is not allowed to have any S3 bucket in public status. Is it possible to make it accessible only for some IP range?
With regards
Andrew