aws:s3

s3

Bucket policy

Example that allows object retrieval (s3:GetObject) from a VPC and from the office network

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowFromOffice",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::${bucket_name}/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "192.0.2.0/24"
                    ]
                }
            }
        }, {
            "Sid": "AllowFromVpc",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::${bucket_name}/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpce": "${vpc_endpoint_id}"
                }
            }
        }
    ]
}
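
A pre-deployment check for this policy, as an added example that is not part of the original page: it fills the `${...}` placeholders, parses the JSON strictly, and reports any `Allow` statement with `Principal` `"*"` that lacks a usable `aws:SourceIp` or `aws:sourceVpce` condition. The function names, the bucket name and the endpoint ID are constructed for illustration.

```python
import ipaddress
import json
from string import Template

# Constructed input: the page's policy template, compacted to fit.
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowFromOffice", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::${bucket_name}/*",
     "Condition": {"IpAddress": {"aws:SourceIp": ["192.0.2.0/24"]}}},
    {"Sid": "AllowFromVpc", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": ["arn:aws:s3:::${bucket_name}/*"],
     "Condition": {"StringEquals": {"aws:sourceVpce": "${vpc_endpoint_id}"}}}
  ]
}"""

def render(template, **values):
    """Fill ${...} placeholders and parse; json.loads rejects trailing commas."""
    return json.loads(Template(template).substitute(values))

def as_list(value):
    return value if isinstance(value, list) else [value]

def ungated_statements(policy):
    """Return Sids of Allow/Principal "*" statements without a network gate."""
    ok_version = policy.get("Version") in ("2012-10-17", "2008-10-17")
    findings = [] if ok_version else ["Version"]
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        gated = False  # conditions are ANDed, so one valid gate is enough
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                vals = as_list(value)
                name = key.lower()  # condition key names are case-insensitive
                if name == "aws:sourcevpce" and operator == "StringEquals":
                    gated = gated or (bool(vals) and all(v.startswith("vpce-") for v in vals))
                elif name == "aws:sourceip" and operator == "IpAddress":
                    nets = [ipaddress.ip_network(v, strict=False) for v in vals]
                    gated = gated or (bool(nets) and all(n.prefixlen > 0 for n in nets))
        if not gated:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

if __name__ == "__main__":
    policy = render(POLICY_TEMPLATE, bucket_name="example-bucket",
                    vpc_endpoint_id="vpce-0123456789abcdef0")
    print(ungated_statements(policy))
```

The policy needs both statements because requests that reach S3 through a VPC endpoint are not matched by `aws:SourceIp`, so the office CIDR alone would not admit VPC traffic.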
aws/s3.txt · Last modified: 2018/11/05 03:17 by nullpon