Skip to content

AWS S3 – set up permission to allow Cloudflare to access your bucket

To set up your policy:

  1. Follow these instructions from Amazon to Add an S3 Bucket Policy.
  2. For the step where you enter the policy in the Bucket policy editor, copy and paste the JSON code below, making sure to replace www.example.com (appearing in "Resource": "arn:aws:s3:::www.example.com/*") with the S3 bucket name for your subdomain URL.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::staging.shiroad.com/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "2400:cb00::/32",
                        "2405:8100::/32",
                        "2405:b500::/32",
                        "2606:4700::/32",
                        "2803:f800::/32",
                        "2c0f:f248::/32",
                        "2a06:98c0::/29",
                        "103.21.244.0/22",
                        "103.22.200.0/22",
                        "103.31.4.0/22",
                        "104.16.0.0/12",
                        "108.162.192.0/18",
                        "131.0.72.0/22",
                        "141.101.64.0/18",
                        "162.158.0.0/15",
                        "172.64.0.0/13",
                        "173.245.48.0/20",
                        "188.114.96.0/20",
                        "190.93.240.0/20",
                        "197.234.240.0/22",
                        "198.41.128.0/17"
                    ]
                }
            }
        }
    ]
}
Published inArchitectureAWS

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *