I'm trying to restrict access to my S3 bucket objects so that they are accessible via the public URL only from instances inside a VPC. I'm trying to achieve it using a bucket policy by specifying the VPC ID. See the bucket policy below.

    {
        "Version": "2012-10-17",
        "Id": "Policy1596618884802",
        "Statement": [
            {
                "Sid": "Stmt1596618880986",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": [
                    "arn:aws:s3:::<--bucket-name-->",
                    "arn:aws:s3:::<--bucket-name-->/*"
                ],
                "Condition": {
                    "StringEquals": {
                        "aws:SourceVpc": "<--vpc-id-->"
                    }
                }
            }
        ]
    }

But even with this policy, the objects are not accessible from the URL, although they are accessible using the S3 API from inside the VPC.

0 Answers
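The condition key `aws:SourceVpc` (like `aws:SourceVpce`) is only populated on requests that reach S3 through a VPC endpoint. An instance that fetches the bucket's public URL over an internet gateway or NAT gateway sends a request with no such key, so `StringEquals` cannot match, the `Allow` never applies, and the anonymous GET falls through to the default deny. The script below is an added example, not code from the original post: it makes sure the VPC has a gateway endpoint for S3 attached to all of the VPC's route tables, then renders and applies an equivalent bucket policy (object ARN only, since `s3:GetObject` never applies to the bucket ARN). The bucket name, VPC ID and region are hypothetical arguments, and the script assumes AWS CLI v2 with credentials that can manage VPC endpoints and bucket policies.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes AWS CLI v2 with
# credentials allowed to create VPC endpoints and set bucket policies.
set -euo pipefail

# Render a bucket policy that grants anonymous s3:GetObject only when the
# request carries aws:SourceVpc, which S3 sets solely for traffic arriving
# through a VPC endpoint. Objects only: s3:GetObject is an object action.
render_policy() {
  local bucket="$1" vpc_id="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowGetObjectFromVpcOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::${bucket}/*",
      "Condition": { "StringEquals": { "aws:SourceVpc": "${vpc_id}" } }
    }
  ]
}
EOF
}

# Return the ID of the VPC's gateway endpoint for S3, creating it if missing
# and attaching every route table of the VPC so that traffic to the bucket's
# public hostname is routed through the endpoint (and so carries the VPC key).
ensure_s3_gateway_endpoint() {
  local vpc_id="$1" region="$2"
  local service="com.amazonaws.${region}.s3"
  local existing
  existing=$(aws ec2 describe-vpc-endpoints --region "$region" \
    --filters "Name=vpc-id,Values=${vpc_id}" \
              "Name=service-name,Values=${service}" \
              "Name=vpc-endpoint-type,Values=Gateway" \
    --query 'VpcEndpoints[0].VpcEndpointId' --output text)
  if [ -n "$existing" ] && [ "$existing" != "None" ]; then
    echo "$existing"
    return
  fi
  local rtbs
  rtbs=$(aws ec2 describe-route-tables --region "$region" \
    --filters "Name=vpc-id,Values=${vpc_id}" \
    --query 'RouteTables[].RouteTableId' --output text)
  # $rtbs is intentionally unquoted: it is a whitespace-separated list of IDs.
  aws ec2 create-vpc-endpoint --region "$region" --vpc-id "$vpc_id" \
    --vpc-endpoint-type Gateway --service-name "$service" \
    --route-table-ids $rtbs \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

apply_policy() {
  local bucket="$1" vpc_id="$2"
  aws s3api put-bucket-policy --bucket "$bucket" \
    --policy "$(render_policy "$bucket" "$vpc_id")"
}

# Usage: ./s3-vpc-only.sh apply <bucket> <vpc-id> <region>
# Then, from an instance in a subnet whose route table is attached to the
# endpoint:   curl -sI "https://<bucket>.s3.<region>.amazonaws.com/<key>"
# should return 200, while the same URL from outside the VPC returns 403.
if [ "${1:-}" = "apply" ]; then
  bucket="$2" vpc_id="$3" region="$4"
  endpoint_id=$(ensure_s3_gateway_endpoint "$vpc_id" "$region")
  echo "S3 gateway endpoint in $vpc_id: $endpoint_id"
  apply_policy "$bucket" "$vpc_id"
  echo "Bucket policy applied to $bucket"
fi
```

Keep in mind that the gateway endpoint's own policy (full access by default) is evaluated as well, and that with `Principal: "*"` the S3 Block Public Access settings for the bucket must not block this policy; otherwise the anonymous GET is still refused even through the endpoint.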