I want requests from AWS IP addresses to be able to access my Amazon Simple Storage Service (Amazon S3) bucket. How can I find the AWS IP addresses that I should grant access to? How can I grant access to those IP addresses? 

Find the AWS IP addresses

Filter the JSON file of AWS IP address ranges for the specific addresses that you want to grant access to. For example, to find IPv4 addresses for Amazon Elastic Compute Cloud (Amazon EC2) in the US East (N. Virginia) Region, you can run this jq command to parse the file:

jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="EC2") | .ip_prefix' < ip-ranges.json

The command returns a response similar to the following (with the -r option, jq prints each prefix as a raw string, without quotation marks):

18.208.0.0/13
52.95.245.0/24
54.196.0.0/15
216.182.224.0/21

Grant access to the IP addresses

Update your bucket policy with a Condition element that grants access when the request comes from the AWS IP addresses. For example, the following bucket policy allows all Amazon S3 actions on the objects in awsexamplebucket when the request is from the AWS IP address ranges 18.208.0.0/13 and 52.95.245.0/24:

{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::awsexamplebucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "18.208.0.0/13",
            "52.95.245.0/24"
          ]
        }
      }
    }
  ]
}
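
The two steps above can be combined so that the policy is regenerated whenever ip-ranges.json changes. The following is an added example, not part of the original article: the function names are hypothetical, the embedded sample data is constructed, and it goes beyond the jq filter by merging overlapping prefixes and refusing to build a policy when the filter matches nothing.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json (not the published file).
SAMPLE_IP_RANGES = {
    "prefixes": [
        {"ip_prefix": "18.208.0.0/13", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "18.208.0.0/13", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "52.95.245.0/24", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "54.196.0.0/15", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "54.196.0.0/16", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1", "service": "EC2"},
    ]
}


def select_prefixes(ip_ranges, region, service):
    """Apply the same filter as the jq command, then merge overlapping CIDRs."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])  # raises on a malformed prefix
        for p in ip_ranges["prefixes"]
        if p["region"] == region and p["service"] == service
    ]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def build_bucket_policy(bucket, cidrs):
    """Return the page's IPAllow policy with aws:SourceIp set to cidrs."""
    if not cidrs:
        # A mistyped region or service matches nothing; stop instead of
        # emitting a policy whose address list is empty.
        raise ValueError("no prefixes matched the region/service filter")
    return {
        "Version": "2012-10-17",
        "Id": "S3PolicyId1",
        "Statement": [{
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": cidrs}},
        }],
    }


if __name__ == "__main__":
    cidrs = select_prefixes(SAMPLE_IP_RANGES, "us-east-1", "EC2")
    print(json.dumps(build_bucket_policy("awsexamplebucket", cidrs), indent=2))
```

Because the statement's Principal is "*" and the EC2 ranges in ip-ranges.json cover instances launched by any AWS customer in that Region, the source IP condition is the only restriction this policy places on who can reach the objects.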

Published: 2019-02-21