What does the statement body of this S3 bucket policy do?

{
  "Sid": "bucketpolicy1",
  "Effect": "Allow",
  "Principal": "*",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::userreports/*",
  "Condition": {
    "IpAddress": { "aws:SourceIp": "68.249.108.0/24" },
    "NotIpAddress": { "aws:SourceIp": "68.249.108.128/32" }
  }
}

  • bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket, but limits the objects to read-only permissions for anyone coming from 68.249.108.0 to 68.249.108.255 – except 68.249.108.128.
  • bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to access objects in the userreports bucket and denies access to 68.249.108.128.
  • bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket – except anyone coming from the IP of 68.249.108.128.
  • bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to 68.249.108.255 to access objects in the userreports bucket – except anyone coming from the IP of 68.249.108.128.
