AWS Policy Access by IP
September 15, 2017
Policy to restrict IAM AWS API requests to a specific set of IP addresses.
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": [
          "10.13.0.0/16",
          "72.55.175.70/32",
          "10.100.0.0/16"
        ]
      }
    }
  }
}
This policy only denies and grants nothing by itself, so after applying it the permissions the principal actually needs still have to come from other attached policies. If a single all-in-one policy is required, something like this can be used:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "10.13.0.0/16",
            "72.55.175.70/32",
            "10.100.0.0/16"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
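To see why the deny-only policy needs companions while the all-in-one version stands alone, the following added example (not part of the original post, and not AWS code) replays the relevant part of IAM's evaluation logic locally: an explicit Deny whose condition holds wins, a matching Allow grants, and anything else is implicitly denied. Both policies above are embedded as constructed JSON, including the single-statement object form the first one uses. The evaluation is deliberately narrow: only IpAddress/NotIpAddress on aws:SourceIp is modelled, and Action/Resource are assumed to be "*" as in the post. Keep in mind what AWS documents about the key itself: aws:SourceIp is the public address as seen by AWS, and it is absent from the request context for requests made through a VPC endpoint, so a NotIpAddress deny can block more than the addresses you expect.

```python
import ipaddress
import json

# Constructed: the two policies from the post as JSON. The first uses the
# single-statement object form, the second the statement-list form.
DENY_ONLY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny", "Action": "*", "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp":
      ["10.13.0.0/16", "72.55.175.70/32", "10.100.0.0/16"]}}
  }
}""")

ALL_IN_ONE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"NotIpAddress": {"aws:SourceIp":
       ["10.13.0.0/16", "72.55.175.70/32", "10.100.0.0/16"]}}},
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}""")


def _as_list(value):
    # IAM accepts either a bare value or a list in most places.
    return value if isinstance(value, list) else [value]


def condition_matches(statement, source_ip):
    """Evaluate IpAddress / NotIpAddress conditions on aws:SourceIp.

    A statement without a Condition block always matches. Only the two IP
    operators are implemented; anything else raises so the simplification
    is explicit rather than silently wrong.
    """
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in statement.get("Condition", {}).items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise NotImplementedError(f"condition operator {operator!r} not modelled")
        for key, cidrs in keys.items():
            if key.lower() != "aws:sourceip":
                raise NotImplementedError(f"condition key {key!r} not modelled")
            in_list = any(ip in ipaddress.ip_network(c, strict=False)
                          for c in _as_list(cidrs))
            # IpAddress requires a match; NotIpAddress requires no match.
            if in_list != (operator == "IpAddress"):
                return False
    return True


def evaluate(policy, source_ip):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for a request from source_ip.

    Order mirrors IAM for this policy shape: an explicit Deny whose condition
    holds wins over everything, otherwise a matching Allow grants, otherwise
    the request is implicitly denied. Action and Resource are assumed to be
    "*" as in the post and are not matched here.
    """
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if not condition_matches(stmt, source_ip):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    # 203.0.113.0/24 is a documentation range, used here as an "outside" address.
    for name, policy in (("deny-only", DENY_ONLY), ("all-in-one", ALL_IN_ONE)):
        for ip in ("10.13.7.7", "72.55.175.70", "72.55.175.71", "203.0.113.10"):
            print(f"{name:11} {ip:15} -> {evaluate(policy, ip)}")
```

Running it shows the point of the post: with the deny-only policy every address, even one inside the list, ends in ImplicitDeny, while the all-in-one policy allows listed addresses and explicitly denies the rest (72.55.175.71 is denied because the list carries a /32, not a range). For the real thing, the same check can be made against AWS without attaching anything, using `aws iam simulate-custom-policy` with `--policy-input-list` and a `--context-entries` entry of `ContextKeyName=aws:SourceIp,ContextKeyValues=<address>,ContextKeyType=ip`.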
The expected error once the policy is applied and a request arrives from an address outside the list is similar to:
Error loading state: AccessDenied: Access Denied
status code: 403, request id: 5A14AE35A2D7CD1B, host id: ROyNOfAiBNojw7VTJ6tLsZeBjQ5YHILbjfubWg/D8R/C+4HORHGqcIw5ByyTr/HyOP3TWK8Ogbs=