Restrict s3 bucket Access to VPC

AWS

Allow access to s3 bucket only from vpc

Currently I am evaluating options to lockdown permissions to my S3 Buckets as part of Security Enhancements. These are the steps I followed to lock down S3 Bucket access only to my VPC

Create VPC End Points

VPC End Points Screen Shot

Attach the S3 Bucket Policy to Restrict Access

{
	"Version": "2012-10-17",
	"Id": "Policy123456789",
	"Statement": [
		{
			"Sid": "Stmt123456789",
			"Effect": "Deny",
			"Principal": "*",
			"Action": "s3:*",
			"Resource": "arn:aws:s3:::example-confidential/*",
			"Condition": {
				"StringNotEquals": {
					"aws:sourceVpc": "vpc-2f2b202b"
				}
			}
		}
	]
}

Access the Buckets Outside VPC

Once you have attached the policy, if you access the S3 Files through console not being on VPC, you will receive the error.

AccessDenied Access Denied 14FB0BEFD8A0C8E5 JrFOr/6Fe20lyMxjCy6lPhJIJ8sj3kG7zSiel2kcvv6OUssHQ2W/e7bYTjD3hXjX2m1/aHB+G1I=

Access the Buckets from VPC

If you log into a EC2 Instance which is hosted on VPC, you will be able to access the s3 Bucket.

SSH Into your EC2 Machine and verify your VPC through Instance Meta Data Store.

[ec2-user]# curl http: //169.254.169.254/latest/meta-data/network/interfaces/macs/
01:ed:88:51:f6:29/ [ec2-user]# curl http: //169.254.169.254/latest/meta-data/network//interfaces/macs/01:ed:88:51:f6:29/vpc-id
vpc-2f2b202b

If you execute s3 commands to access the bucket, you will be able to access the S3 Bucket without access denied error.

aws s3 ls example-confidential aws s3 cp s3:: //example-confidential/SampleConfidentialFile.txt  SampleConfidentialFile.txt

Take a look at the lastest aricles

Building a Diagnostic AI Agent on Microsoft Fabric: A Structured, Tool-Driven Implementation

In the first part of this series, we introduced the idea of moving beyond dashboards to build diagnostic AI agents capable of uncovering the why behind business performance shifts. That article focused on architectural principles and the role of AWS Strands in enabling controlled agentic behavior. In this follow-up, we take a more detailed look at how […]

Automating Invoice Processing with Azure AI: A Serverless Architecture Pattern for Intelligent Document Workflows

Organizations continue to process a significant portion of their operational data through documents—particularly invoices, which arrive in multiple formats, structures, and levels of quality. Traditionally, handling these documents requires manual review, data entry, and routing, which introduces delays and increases the likelihood of errors. With the steady advancement of Azure’s AI capabilities and serverless integration services, customers […]

From Legacy to AI-Ready: A Complete Guide to Modernizing ASP.NET Applications

The AI era demands more from our applications than ever before. Legacy ASP.NET applications, while reliable workhorses, often struggle with the scalability, flexibility, and integration capabilities needed to leverage modern AI services. But how do you modernize without risking business continuity? At CloudIQ, we've not only researched and documented the best strategies—we've built them. This post brings together everything we've learned: comprehensive strategy, […]

Let’s shape your AI-powered future together.

Partner with CloudIQ to achieve immediate gains while building a strong foundation for long-term, transformative success.

Book a Free Consultation