Restricting Bucket Access to a Specific IP Address


You can restrict access to objects in your bucket to a specific IP address by attaching a policy that contains an allowed IP address range in the Condition statement.

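In the following example, the policy uses a Deny effect with a NotIpAddress condition, so any request whose source IP address is outside the listed ranges is denied. This restricts access to two IP address ranges:

  • 179.22.0.0/16 covers all IP addresses within the /16 subnet

  • 129.34.67.24/32 covers just that specific IP address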

{
    "Id": "Policy1512590315712",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1512590314407",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::my-bucket",
                "arn:aws:s3:::my-bucket/*"
            ],
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": ["179.22.0.0/16", "129.34.67.24/32"]
                }
            }
        }
    ]
}
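
The following pre-attachment check is an added example, not part of the original page: it validates the CIDR ranges in the policy above and shows which source addresses the Deny statement would match, so you can confirm your own address is inside an allowed range before applying it. It models only the Deny + NotIpAddress condition (Principal, Action and Resource matching are ignored), and the function names are hypothetical.

```python
import ipaddress
import json

# The policy from this page, embedded so the example runs offline.
POLICY = json.loads("""
{
  "Id": "Policy1512590315712",
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "Stmt1512590314407",
    "Effect": "Deny",
    "Principal": {"AWS": "*"},
    "Action": "*",
    "Resource": ["arn:aws:s3:::my-bucket", "arn:aws:s3:::my-bucket/*"],
    "Condition": {"NotIpAddress": {"aws:SourceIp": ["179.22.0.0/16", "129.34.67.24/32"]}}
  }]
}
""")


def allowed_networks(policy):
    """Collect the CIDR ranges listed under Deny + NotIpAddress aws:SourceIp."""
    nets = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        values = stmt.get("Condition", {}).get("NotIpAddress", {}).get("aws:SourceIp", [])
        if isinstance(values, str):  # a single value may be written as a bare string
            values = [values]
        # strict=True raises ValueError on a CIDR with host bits set (e.g. 179.22.1.0/16),
        # which this example treats as a likely typo worth catching before attachment.
        nets += [ipaddress.ip_network(v, strict=True) for v in values]
    return nets


def is_denied(policy, source_ip):
    """True when the Deny statement matches, i.e. the IP is outside every listed range."""
    addr = ipaddress.ip_address(source_ip)
    nets = allowed_networks(policy)
    return bool(nets) and not any(addr in net for net in nets)


if __name__ == "__main__":
    # Constructed sample client addresses.
    for ip in ["179.22.40.7", "129.34.67.24", "129.34.67.25", "8.8.8.8"]:
        print(ip, "DENY" if is_denied(POLICY, ip) else "not denied by this statement")
```

An address that is not denied here still needs permission from some other policy to access the bucket; this statement only blocks requests from outside the listed ranges.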