s3策略允许在同一语句中使用多个IP

Question

s3策略允许在同一语句中使用多个IP

Kra*_*tos 4 private ip-address amazon-s3 access-denied amazon-web-services

我试图允许从3个指定的IP地址连接到一个桶.当我这样添加它们时:

{
    "Version": "2008-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPDeny",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*",
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": "ip1",
                    "aws:SourceIp": "ip2",
                    "aws:SourceIp": "ip3"
                }
            }
        }
    ]
}

Run Code Online (Sandbox Code Playgroud)

一旦保存,将保留三个中的一行,因此我只能有一个IP集.任何想法我怎么能这样做而不需要长时间添加新的声明和解决方法？

Answer 1

Kra*_*tos 10

{
    "Version": "2008-10-17",
    "Id": "testPolicy",
    "Statement": [

        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucketname/subfolder/subfolder2/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "xxx.xxx.xxx.xxx/32",
                        "xxx.xxx.xxx.xxx/32"
                    ]
                }
            }
        }

Run Code Online (Sandbox Code Playgroud)

]}

归档时间：	10 年，1 月前
查看次数：	1887 次
最近记录：	7 年，4 月前