aws:s3
s3
バケットポリシー
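VPC(VPCエンドポイント経由)と社内ネットワークからのオブジェクト取得(s3:GetObject)を許可するバケットポリシーの例。
注意: `${bucket_name}` と `${vpc_endpoint_id}` は実際の値に置き換えるプレースホルダで、"192.0.2.0/24" も例示用のアドレス範囲。"Version" の "hogehoge" も仮の値なので、実際には "2012-10-17" を指定する。"192.0.2.0/24" の直後にある余分なカンマは JSON として不正なため、適用時には取り除くこと。
Principal が "*" なので、アクセス元の制限は各 Statement の Condition だけに依存する。VPCエンドポイント経由のリクエストには aws:SourceIp が使えないため、社内IP用(aws:SourceIp)とVPC用(aws:sourceVpce)で Statement を分けている。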
{ "Version": "hogehoge", "Statement": [ { "Sid": "AllowFromOffice", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::${bucket_name}/*", "Condition": { "IpAddress": { "aws:SourceIp": [ "192.0.2.0/24", ] } } }, { "Sid": "AllowFromVpc", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::${bucket_name}/*" ], "Condition": { "StringEquals": { "aws:sourceVpce": "${vpc_endpoint_id}" } } } ] }
aws/s3.txt · 最終更新: 2018/11/05 03:17 by nullpon