基于IP地址的Amazon S3文件访问策略

本文介绍了基于IP地址的Amazon S3文件访问策略的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

是否有任何方法可以基于客户端IP地址限制对存储在Amazon S3中的文件的访问?

Is there any way to limit the access of a file stored in Amazon S3 based on the client IP address?

我有一个文件存储在该文件中，只能通过特定的IP地址访问该文件.该怎么做?

I have a file stored there, which should be access only by specific IP address. How to do this?

推荐答案

是的，尽管我自己没有使用过.

Yes there is, although I have not used this myself.

S3支持使用访问策略语言"对存储桶和其中的对象进行精细控制.有特定的白名单和黑名单IP语句可用.但是，您将必须编写APL语句并上载它们.

S3 supports granular control over buckets and objects in them using "Access Policy Language". There is specific whitelist and blacklist IP statements available. You will have to write the APL statements and upload them, however.

docs.amazonwebservices/AmazonS3/latest/dev/AccessPolicyLanguage.html

这是2个条件部分的示例:

Here are 2 condition section examples:

白名单

"Condition" : { "IpAddress" : { "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"] } }

黑名单

"Condition" : { "NotIpAddress" : { "aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"] } }