Currently I am evaluating options to lockdown permissions to my S3 Buckets as part of Security Enhancements. These are the steps I followed to lock down S3 Bucket access only to my VPC
VPC End Points Screen Shot
{
"Version": "2012-10-17",
"Id": "Policy123456789",
"Statement": [
{
"Sid": "Stmt123456789",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::example-confidential/*",
"Condition": {
"StringNotEquals": {
"aws:sourceVpc": "vpc-2f2b202b"
}
}
}
]
}
Once you have attached the policy, if you access the S3 Files through console not being on VPC, you will receive the error.
AccessDenied Access Denied 14FB0BEFD8A0C8E5 JrFOr/6Fe20lyMxjCy6lPhJIJ8sj3kG7zSiel2kcvv6OUssHQ2W/e7bYTjD3hXjX2m1/aHB+G1I=
If you log into a EC2 Instance which is hosted on VPC, you will be able to access the s3 Bucket.
SSH Into your EC2 Machine and verify your VPC through Instance Meta Data Store.
[ec2-user]# curl http: //169.254.169.254/latest/meta-data/network/interfaces/macs/
01:ed:88:51:f6:29/ [ec2-user]# curl http: //169.254.169.254/latest/meta-data/network//interfaces/macs/01:ed:88:51:f6:29/vpc-id
vpc-2f2b202b
If you execute s3 commands to access the bucket, you will be able to access the S3 Bucket without access denied error.
aws s3 ls example-confidential aws s3 cp s3:: //example-confidential/SampleConfidentialFile.txt SampleConfidentialFile.txt
Share this:
CloudIQ is a leading Cloud Consulting and Solutions firm that helps businesses solve today’s problems and plan the enterprise of tomorrow by integrating intelligent cloud solutions. We help you leverage the technologies that make your people more productive, your infrastructure more intelligent, and your business more profitable.
LATEST THINKING
INDIA
Chennai One IT SEZ,
Module No:5-C, Phase ll, 2nd Floor, North Block, Pallavaram-Thoraipakkam 200 ft road, Thoraipakkam, Chennai – 600097
© 2023 CloudIQ Technologies. All rights reserved.
Get in touch
Please contact us using the form below
USA
INDIA