AWS IAM can restrict an account and its access keys (AK/SK) to an IP allowlist through a policy; this is generally considered a best practice. The policy below is a single explicit Deny that fires whenever the request does not originate from one of the listed addresses, so it takes precedence over any Allow the principal otherwise has.
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {
        "aws:SourceIp": [
          "10.0.0.0/8",
          "172.0.0.0/8",
          "192.168.0.0/16",
          "123.123.123.123"
        ]
      },
      "Bool": {
        "aws:ViaAWSService": "false"
      }
    }
  }
}
Add the company's egress IPs, internal server IPs and so on to the allowlist, and the account and its access keys (AK/SK) are then only usable from those addresses. A few things to check before attaching this to a real principal: aws:SourceIp is compared against the public address AWS sees, so private ranges such as 10.0.0.0/8 only matter if that is really what arrives at the API endpoint; the "aws:ViaAWSService": "false" condition is what keeps the Deny from breaking calls an AWS service makes on your behalf; and 172.0.0.0/8 is far wider than the RFC 1918 range 172.16.0.0/12, so it also whitelists a large block of public addresses. Since the statement denies every action, test the allowlist against the addresses you actually use before applying it to administrative users, or you can lock yourself out.
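To check an allowlist like this offline before deploying it, the following script (an added example, not part of the original post or an AWS tool) loads a constructed copy of the policy above, evaluates its NotIpAddress and Bool conditions against sample request contexts, and flags whitelisted CIDRs that contain public addresses. The request contexts are made up for the demonstration, and the evaluator treats a missing context key as "condition not satisfied", which is a simplification of IAM's real rules for absent keys.

```python
import ipaddress
import json

# Constructed copy of the policy from the post (kept verbatim, including 172.0.0.0/8).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {
      "NotIpAddress": {"aws:SourceIp": ["10.0.0.0/8", "172.0.0.0/8",
                                        "192.168.0.0/16", "123.123.123.123"]},
      "Bool": {"aws:ViaAWSService": "false"}
    }
  }
}
""")


def _statements(policy):
    # "Statement" may be a single object or a list of objects.
    stmt = policy["Statement"]
    return stmt if isinstance(stmt, list) else [stmt]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _ip_in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def condition_matches(condition, ctx):
    """Evaluate the subset of IAM condition operators used in the policy.

    Operator blocks are ANDed together; within a block every key must match,
    and a key matches if any of its listed values does. A key that is absent
    from the request context is treated as non-matching (simplification).
    """
    for operator, key_values in condition.items():
        for key, values in key_values.items():
            if key not in ctx:
                return False
            actual, values = ctx[key], _as_list(values)
            if operator == "IpAddress":
                if not _ip_in_any(actual, values):
                    return False
            elif operator == "NotIpAddress":
                if _ip_in_any(actual, values):
                    return False
            elif operator == "Bool":
                if str(actual).lower() != str(values[0]).lower():
                    return False
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
    return True


def is_denied(policy, ctx):
    """True if any Deny statement applies to the request context.

    Explicit Deny wins over Allow in IAM, so a True here means the request
    is rejected regardless of other policies.
    """
    return any(
        s["Effect"] == "Deny" and condition_matches(s.get("Condition", {}), ctx)
        for s in _statements(policy)
    )


def overly_broad_ranges(policy):
    """Whitelisted CIDRs with more than one address that are not entirely private."""
    broad = []
    for s in _statements(policy):
        cidrs = s.get("Condition", {}).get("NotIpAddress", {}).get("aws:SourceIp", [])
        for c in _as_list(cidrs):
            net = ipaddress.ip_network(c, strict=False)
            if net.num_addresses > 1 and not net.is_private:
                broad.append(c)
    return broad


if __name__ == "__main__":
    # Sample request contexts (constructed): office egress, a random public IP,
    # a service-initiated call, and a public address that 172.0.0.0/8 lets through.
    for ctx in [
        {"aws:SourceIp": "123.123.123.123", "aws:ViaAWSService": "false"},
        {"aws:SourceIp": "203.0.113.10", "aws:ViaAWSService": "false"},
        {"aws:SourceIp": "203.0.113.10", "aws:ViaAWSService": "true"},
        {"aws:SourceIp": "172.5.5.5", "aws:ViaAWSService": "false"},
    ]:
        print(ctx, "->", "DENY" if is_denied(POLICY, ctx) else "not denied")
    print("overly broad ranges:", overly_broad_ranges(POLICY))
```

Run it once with your own egress addresses in the context list; anything that prints DENY would be locked out the moment the policy is attached, and the last line shows which ranges admit more than the internal networks you intended.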