IAM Access Policies allow you to restrict access to your AWS account to a specific set of IP addresses.

For example, you can block all API requests that don't originate from the Skeddly network. You can use this technique as an added level of protection for your AWS account.

Skeddly's API requests originate from the following public IP addresses:

  • 52.72.140.215
  • 52.200.112.43
  • 52.200.113.35

To improve the security of your IAM roles and IAM users that you use with Skeddly, please add the following IAM access policy to your user or role (do not replace the one generated by our IAM Policy Generator):

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": [
      "52.72.140.215/32",
      "52.200.112.43/32",
      "52.200.113.35/32"
    ]}}
  }
}


However, please note that we use VPC Endpoints for access to Amazon S3. So this restriction will not work if you want Skeddly to act on your S3 buckets. You could, optionally, add "10.0.0.0/8" to the list of restricted IP addresses to allow for S3 access. However, that IP range is not guaranteed to be unique.
 
For more information, please see the following AWS documents:

Did this answer your question?