I am creating an Electron.js app and I am using S3 to host the new releases of my app. I can't leave the S3 bucket open to the public and need to limit it only to the users in the company where the app will be used. Therefore, I decided to limit access to the bucket by the company's IP address. However, when Electron-updater checks for an update, I get the Error: HttpError: 403 Forbidden. This is the bucket policy I am using:
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::BUCKETNAME",
"arn:aws:s3:::BUCKETNAME/*"
],
"Condition": {
"NotIpAddress": {
"aws:SourceIp": "Company's IP Address"
}
}
}
]
}
When Electron-Updater checks to see if there is a new update, I get the Error: HttpError: 403 Forbidden. It shouldn't be, because the request is coming from the IP of the company. I am wondering if maybe for some reason the request is coming from a different IP. I tried to use the S3 access logs (I have never used them), but nothing gets saved in the bucket I create to store those logs. I am at a loss as to what the problem is.
If I understood the Question, you want Allow Only from Specific IP's.
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::BUCKETNAME",
"arn:aws:s3:::BUCKETNAME/*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"CIDR",
"CIDR"
]
}
}
}
]
}