Last active
December 30, 2016 05:55
Allow file uploads to S3 only from specific IP addresses with an Amazon S3 bucket policy + upload (PUT) a JSON file to S3 with the cURL command ref: http://qiita.com/na0AaooQ/items/bc9a6dd00f20d404651e
NotAllowAccessPC001:~ user1$ curl --version
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
NotAllowAccessPC001:~ user1$
AllowAccessPC002-198.51.100.15:~ user2$ curl https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json
[
{
"Message":"Hello World"
}
]
AllowAccessPC002-198.51.100.15:~ user2$
[ec2-user@example-ruby-sinatra-server ~]$ cat example.json
[
{
"Message":"Hello World"
}
]
[ec2-user@example-ruby-sinatra-server ~]$
[ec2-user@example-ruby-sinatra-server ~]$ curl httpbin.org/ip
{
"origin": "203.0.113.11"
}
[ec2-user@example-ruby-sinatra-server ~]$
[ec2-user@example-ruby-sinatra-server ~]$ curl -X PUT https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json -T example.json
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>****************</Code><Message>Access Denied</Message><RequestId>F42C780B0C0C63A5</RequestId><HostId>**************************************************+**************/**********</HostId></Error>[ec2-user@example-ruby-sinatra-server ~]$
[ec2-user@example-ruby-sinatra-server ~]$
[ec2-user@example-ruby-sinatra-server ~]$ curl httpbin.org/ip
{
"origin": "203.0.113.11"
}
[ec2-user@example-ruby-sinatra-server ~]$
[ec2-user@example-ruby-sinatra-server ~]$ curl https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json
[
{
"Message":"Hello World"
}
]
[ec2-user@example-ruby-sinatra-server ~]$
NotAllowAccessPC001:~ user1$ cat << EOS > example.json
[
{
"Message":"Hello World"
}
]
EOS
NotAllowAccessPC001:~ user1$ cat example.json
[
{
"Message":"Hello World"
}
]
NotAllowAccessPC001:~ user1$
curl -X PUT https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json -T example.json
NotAllowAccessPC001:~ user1$ curl -X PUT https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json -T example.json
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>****************</RequestId><HostId>**************************************************+**************/**********</HostId></Error>NotAllowAccessPC001:~ user1$
NotAllowAccessPC001:~ user1$
AllowAccessPC002-198.51.100.15:~ user2$ cat example.json
[
{
"Message":"Hello World"
}
]
AllowAccessPC002-198.51.100.15:~ user2$
curl -X PUT https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json -T example.json
AllowAccessPC002-198.51.100.15:~ user2$ curl -X PUT https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json -T example.json
AllowAccessPC002-198.51.100.15:~ user2$
curl https://s3-ap-northeast-1.amazonaws.com/example-data-json/test/example.json
{
  "Version": "2008-10-17",
  "Id": "ExampleBucketPolicy201612300001",
  "Statement": [
    {
      "Sid": "AccessControl-From-AWS-Account",
      "Effect": "Allow",
      "Principal": {
        "AWS": "111111111111"
      },
      "Action": [
        "s3:*"
      ],
      "Resource": "arn:aws:s3:::example-data-json/*"
    },
    {
      "Sid": "AccessControl-From-IPaddress-001",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::example-data-json/test/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "198.51.100.15/32",
            "198.51.100.16/32",
            "192.0.2.0/24"
          ]
        }
      }
    },
    {
      "Sid": "AccessControl-From-IPaddress-002",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::example-data-json/test/*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "198.51.100.15/32",
            "198.51.100.16/32",
            "192.0.2.0/24"
          ]
        }
      }
    }
  ]
}
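Added example, not part of the original gist: a Python model of how the two IP-conditioned statements of the bucket policy above resolve for an anonymous request from a given source IP. The function names and the `NoMatch` label are assumptions of this example, only the `IpAddress` and `NotIpAddress` operators are modelled, and `NoMatch` means the policy itself is silent, so the outcome depends on other grants such as ACLs.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed copy of the two IP-conditioned statements (account statement omitted).
ALLOWED = ["198.51.100.15/32", "198.51.100.16/32", "192.0.2.0/24"]
RESOURCE = "arn:aws:s3:::example-data-json/test/*"
STATEMENTS = [
    {"Sid": "AccessControl-From-IPaddress-001", "Effect": "Allow",
     "Action": ["s3:GetObjectVersion", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": RESOURCE, "Condition": {"IpAddress": {"aws:SourceIp": ALLOWED}}},
    {"Sid": "AccessControl-From-IPaddress-002", "Effect": "Deny",
     "Action": ["s3:PutObject", "s3:DeleteObject"],
     "Resource": RESOURCE, "Condition": {"NotIpAddress": {"aws:SourceIp": ALLOWED}}},
]


def ip_in(source_ip, cidrs):
    """True when source_ip falls inside any of the CIDR blocks."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def condition_holds(condition, source_ip):
    """Every operator block must hold for the statement to apply."""
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError("unsupported operator: " + operator)
        inside = ip_in(source_ip, keys["aws:SourceIp"])
        if inside != (operator == "IpAddress"):
            return False
    return True


def evaluate(action, resource, source_ip):
    """Return 'Deny' (explicit), 'Allow', or 'NoMatch' (policy is silent)."""
    decision = "NoMatch"
    for st in STATEMENTS:
        if action not in st["Action"] or not fnmatchcase(resource, st["Resource"]):
            continue
        if not condition_holds(st["Condition"], source_ip):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides any allow
        decision = "Allow"
    return decision
```

For the hosts in the transcripts above, `evaluate("s3:PutObject", ..., "203.0.113.11")` gives `Deny` and the same call from `198.51.100.15` gives `Allow`; a `s3:GetObject` from `203.0.113.11` gives `NoMatch`, because the Deny statement covers only `s3:PutObject` and `s3:DeleteObject`.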