= AWS/Policy/s3-signed-url =

 * Example of policy allowing single resource in s3 to be downloaded using signed url 
   * Also allows s3 access from single ip '''99.99.120.55/32'''

{{{

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::c11284a125440l871709t1w055333526116-s3bucket-16swdvc80comq/*",
                "arn:aws:s3:::c11284a125440l871709t1w055333526116-s3bucket-16swdvc80comq"
            ],
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "99.99.120.55/32"
                    ]
                }
            }
        },
        {
            "Sid": "DenyOneObjectIfRequestNotSigned",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::c11284a125440l871709t1w055333526116-s3bucket-16swdvc80comq/report.html",
            "Condition": {
                "StringNotEquals": {
                    "s3:authtype": "REST-QUERY-STRING"
                }
            }
        }
    ]
}

}}}