I'm kind of a newbie to AWS. I have the following data:
bucket ARN: arn:aws:s3:::my-bucket555
user: my-user-555
Access Key ID: "some key"
Secret access key: "some secret key"
And I have this policy of a bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::my-bucket555"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::my-bucket555/*"
}
]
}
And also I have a bash script on a VPS which does some staff with my AWS account via API using the standard cli utility "aws s3" of Amazon. and the API keys
Problem: my bucket is publicly available at "https://s3.eu-west-2.amazonaws.com/my-bucket555". The url is obfuscated.
Question: how to make it private/non-public and still allow my bash script continue doing the job it's doing?
You have a few ways to accomplish that.
First, set as private your bucket.
Condition to only accept accesses from a specific IP.{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::my-bucket555",
"Condition": {
"ForAnyValue:IpAddress": {
"aws:SourceIp": [
"210.75.12.75/16",
"210.75.24.75/16"
]
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::my-bucket555/*",
"Condition": {
"ForAnyValue:IpAddress": {
"aws:SourceIp": [
"210.75.12.75/16",
"210.75.24.75/16"
]
}
}
}
]
}