Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Amazon Web Services (AWS) S3 bucket policy to enforce encryption, SSL and IP access.
{
"Version": "2012-10-17",
"Id": "BucketPolicy1",
"Statement": [
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::myBucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
},
{
"Sid": "DenyUnSecureCommunications",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::myBucket",
"Condition": {
"Bool": {
"aws:SecureTransport": false
}
}
},
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::myBucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "209.34.196.64/26"
}
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.