Amazon Web Services (AWS) S3 bucket policy to enforce encryption, SSL and IP access.
| { | |
| "Version": "2012-10-17", | |
| "Id": "BucketPolicy1", | |
| "Statement": [ | |
| { | |
| "Sid": "DenyUnEncryptedObjectUploads", | |
| "Effect": "Deny", | |
| "Principal": "*", | |
| "Action": "s3:PutObject", | |
| "Resource": "arn:aws:s3:::myBucket/*", | |
| "Condition": { | |
| "StringNotEquals": { | |
| "s3:x-amz-server-side-encryption": "AES256" | |
| } | |
| } | |
| }, | |
| { | |
| "Sid": "DenyUnSecureCommunications", | |
| "Effect": "Deny", | |
| "Principal": { | |
| "AWS": "*" | |
| }, | |
| "Action": "s3:*", | |
| "Resource": "arn:aws:s3:::myBucket", | |
| "Condition": { | |
| "Bool": { | |
| "aws:SecureTransport": false | |
| } | |
| } | |
| }, | |
| { | |
| "Sid": "IPAllow", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "*" | |
| }, | |
| "Action": "s3:*", | |
| "Resource": "arn:aws:s3:::myBucket/*", | |
| "Condition": { | |
| "IpAddress": { | |
| "aws:SourceIp": "209.34.196.64/26" | |
| } | |
| } | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment