Create and Apply S3 Bucket Policies with Conditions to Restrict Specific Bucket Permissions

Being able to restrict and grant access to specific S3 resources is fundamental when implementing your security procedures. There are various methods that can be used to achieve this, one of which is to implement bucket policies. Bucket policies are applied directly to a bucket within S3 itself and apply to that bucket only.  

To make your bucket policy even more effective, you can apply specific conditions as to when the effects of that Policy should apply. There are a many conditions you can base your bucket policy upon, and the AWS documentation provides greater insight into these here.

This Lab will guide you through the bucket policy creation process with the use of the AWS Policy Generator. 

You will create and test two different bucket policies:

1. Configure a bucket policy that will restrict what a user can do within an S3 bucket based upon their IP address

2. Configure a bucket policy to only allow the upload of objects to a bucket when server side encryption has been configured for the object

 

Updates 

April 8th, 2020 - Updated S3 Bucket Enforces Encryption check to tolerate bucket name variations

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab