Recently I had to set up restricted permissions for some S3 buckets, and a requirement for the project was that we needed to grant write access (POST/DELETE) only from a specific IP address and deny it for a specific IAM user.
I started by reviewing the AWS documentation but found that their example for restricting access to a specific IP didn’t seem to work for me. After some trial and error, searching the internet and bashing my head against the wall, I finally managed to nail it down to this config:
This could be used as well as an added layer of security for your existing applications that use or access S3, not just for nodes within a VPC. I hope this saves someone out there some undue stress when trying to secure their S3 access.
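As an added illustration of the policy shape described above (this is my own example, not the author's config): a bucket policy that allows object writes and deletes only from one source IP, explicitly denies them from any other address, and explicitly denies them for one IAM user regardless of where the request comes from. The account ID, bucket name, user name and IP are placeholders (AWS documentation account 111122223333, RFC 5737 test address 203.0.113.10) and must be replaced with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowWritesOnlyFromTrustedIp",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": [ "s3:PutObject", "s3:DeleteObject" ],
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "203.0.113.10/32" }
      }
    },
    {
      "Sid": "DenyWritesFromAnyOtherIp",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [ "s3:PutObject", "s3:DeleteObject" ],
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "NotIpAddress": { "aws:SourceIp": "203.0.113.10/32" }
      }
    },
    {
      "Sid": "DenyWritesForBlockedUser",
      "Effect": "Deny",
      "Principal": { "AWS": "arn:aws:iam::111122223333:user/blocked-user" },
      "Action": [ "s3:PutObject", "s3:DeleteObject" ],
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

Two things to check before applying something like this: an explicit Deny wins over every Allow, including for the account's own administrators, so the NotIpAddress statement is scoped to write actions only rather than `s3:*` to avoid locking yourself out of reads and policy changes; and `aws:SourceIp` matches the public source address of the request, so traffic arriving through a VPC gateway endpoint will not match it (the `aws:VpcSourceIp` or `aws:sourceVpce` condition keys are the ones to use for that case).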