aws:s3
s3
バケットポリシー
vpcと社内からのオブジェクト取得を許可する例
{
"Version": "hogehoge",
"Statement": [
{
"Sid": "AllowFromOffice",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::${bucket_name}/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"192.0.2.0/24",
]
}
}
}, {
"Sid": "AllowFromVpc",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::${bucket_name}/*"
],
"Condition": {
"StringEquals": {
"aws:sourceVpce": "${vpc_endpoint_id}"
}
}
}
]
}
aws/s3.txt · 最終更新: 2018/11/05 03:17 by nullpon