Amazon S3 Tools: Command Line S3 Client Software and S3 Backup

AWS S3 Command Line Clients for Windows, Linux, Mac. Backup to S3, upload, retrieve, query data on Amazon S3.

S3cmd Home   |   S3cmd Download   |   FAQ / KB   

S3cmd: FAQ and Knowledge Base

Main Page > Browse Categories > Tips, Tricks and More > How to restrict access to a bucket to specific IP addresses

How to restrict access to a bucket to specific IP addresses

To secure our files on Amazon S3, we can restrict access to a S3 bucket to specific IP addresses.

The following bucket policy grants permissions to any user to perform any S3 action on objects in the specified bucket. However, the request must originate from the range of IP addresses specified in the condition. The condition in this statement identifies 192.168.143.* range of allowed IP addresses with one exception,

    "Version": "2012-10-17",
    "Id": "S3PolicyIPRestrict",
    "Statement": [
            "Sid": "IPAllow",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::bucket/*",
            "Condition" : {
                "IpAddress" : {
                    "aws:SourceIp": ""
                "NotIpAddress" : {
                    "aws:SourceIp": ""

The IPAddress and NotIpAddress values specified in the condition uses CIDR notation described in RFC 2632. For more information, go to

User Comments
Add Comment
There are no user comments for this topic.
Add Comment
No attachments

Did this help you?
Yes No

49% found this information useful

Other Options
Printable Version

Download S3Cmd
 A printable version of the entire FAQ and Knowledge Base is also available.
 For further queries or questions, please contact us.