
Working with Amazon S3 Buckets
How to grant public-read permission to anonymous users (i.e. to everyone)
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": [ "s3:GetObject" ],
      "Resource": [ "arn:aws:s3:::my-brand-new-bucket/*" ]
    }
  ]
}

How to grant full access to users from specific IP addresses
{
  "Version": "2008-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "192.168.143.0/24" },
        "NotIpAddress": { "aws:SourceIp": "192.168.143.188/32" }
      }
    },
    {
      "Sid": "IPDeny",
      "Effect": "Deny",
      "Principal": { "AWS": "*" },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "10.1.2.0/24" }
      }
    }
  ]
}

How to protect your Amazon S3 files from hotlinking
{
  "Version": "2008-10-17",
  "Id": "preventHotLinking",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "http://yourwebsitename.com/*",
            "http://www.yourwebsitename.com/*"
          ]
        }
      }
    }
  ]
}

How to allow only specific IP addresses to write to a bucket and everyone to read from it
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": { }
    },
    {
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": [ "s3:PutObject", "s3:DeleteObject" ],
      "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "192.168.0.0/16" }
      }
    }
  ]
}
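
How the IPAllow/IPDeny policy above resolves for different source addresses, as an added example that is not part of the original page: operators inside one Condition block are ANDed, an explicit Deny beats any Allow, and a request that matches nothing is denied by default. The function names (`_in_any`, `condition_matches`, `evaluate`) are hypothetical, and the sketch assumes the request's principal, action and resource already match, so only the `aws:SourceIp` conditions are modelled.

```python
import ipaddress

# The page's "full access from specific IP addresses" policy (statements only).
# Assumption: Principal/Action/Resource match the request, so they are not evaluated.
POLICY = {"Statement": [
    {"Sid": "IPAllow", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "192.168.143.0/24"},
                   "NotIpAddress": {"aws:SourceIp": "192.168.143.188/32"}}},
    {"Sid": "IPDeny", "Effect": "Deny", "Principal": {"AWS": "*"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::my-brand-new-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "10.1.2.0/24"}}},
]}

def _in_any(ip, cidrs):
    """True if ip is inside at least one CIDR (a string or a list of strings)."""
    cidrs = [cidrs] if isinstance(cidrs, str) else cidrs
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def condition_matches(condition, source_ip):
    """Every operator in a Condition block must hold (logical AND)."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"operator not modelled here: {operator}")
        inside = _in_any(ip, keys["aws:SourceIp"])
        # IpAddress needs a hit; NotIpAddress needs a miss.
        if inside != (operator == "IpAddress"):
            return False
    return True

def evaluate(policy, source_ip):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for a request from source_ip."""
    matched = {s["Effect"] for s in policy["Statement"]
               if condition_matches(s.get("Condition", {}), source_ip)}
    if "Deny" in matched:
        return "Deny"  # explicit Deny always wins
    return "Allow" if "Allow" in matched else "ImplicitDeny"

if __name__ == "__main__":
    # Constructed sample addresses, one per outcome plus an unrelated one.
    for addr in ("192.168.143.5", "192.168.143.188", "10.1.2.77", "203.0.113.9"):
        print(f"{addr:16} -> {evaluate(POLICY, addr)}")
```

The evaluator models only the CIDR logic. In AWS, `aws:SourceIp` is compared against the public address S3 sees, so the private ranges in the page's policy stand in for your real public CIDRs, and requests arriving through a VPC endpoint are matched with `aws:VpcSourceIp` instead.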