
Need StorageGRID access policy based on IP address

schmitz_peter

Hi all,

I would like to block access to some buckets from the world, except for the local networks.

How do I do that? I found the policies in the documentation, especially the "IP range" example, but when I push the policy to the bucket (aws s3api put-bucket-policy...) the "Condition" keyword is not recognized.

The note in the documentation says that this keyword is only supported in the Tenant Management interface.

But how is it used, then?

Thanks and kind regards

Peter

3 REPLIES

AlexDawson

Hi there!

Are you trying to push the policy using a tenant account or the administrator account?

In the devolved permission model common in the cloud, the tenant's permissions are not a subset of the administrator's - they are often a superset - so some actions must be done by the tenant only.

schmitz_peter

Hi Alex,

I tried to push via "aws s3api put-bucket-policy --bucket..." as tenant (as described in https://docs.netapp.com/sgws-112/topic/com.netapp.doc.sg-s3/GUID-D15FCD21-1869-4546-9234-56227206AB99.html).

The JSON file uses the resource "urn:sgws:s3:::<BUCKET>" and tries to enforce a condition "NotIpAddress", which, as per the documentation, "is only supported in the Tenant Management Interface".

All I want is to prohibit access to buckets from the internet, but it doesn't work as I imagine...

Thanks for your reply.

Peter

I would like to recall my question 😄

Of course, StorageGRID will never see IP addresses of connecting clients, but only the address of the load balancer.

So, I will have to find another solution, I guess...

Best regards

Peter
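
The effect described in the last post, as an added example that is not part of the thread or of any NetApp code: a small evaluator for a Deny/"NotIpAddress" statement, run against the address the storage endpoint actually sees. The condition key `aws:SourceIp`, the CIDR ranges, all IP addresses and the assumption that the load balancer opens its own connection to the grid are constructed for illustration.

```python
import ipaddress

# Constructed policy in the shape discussed in the thread; the condition key
# and CIDR ranges are assumptions, only the resource URN form is from the post.
POLICY = {"Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": "urn:sgws:s3:::<BUCKET>",
    "Condition": {"NotIpAddress": {"aws:SourceIp": ["10.0.0.0/8", "192.168.0.0/16"]}},
}]}

# Constructed sample addresses (203.0.113.0/24 is a documentation range).
CLIENTS = {"internal": "10.20.30.40", "internet": "203.0.113.7"}
LOAD_BALANCER_IP = "10.0.0.5"

def not_ip_address(source_ip, cidrs):
    """True when source_ip lies outside every listed CIDR range."""
    addr = ipaddress.ip_address(source_ip)
    return all(addr not in ipaddress.ip_network(c) for c in cidrs)

def is_denied(policy, source_ip):
    """Apply only the Deny/NotIpAddress statements to the observed address."""
    for stmt in policy["Statement"]:
        cidrs = stmt.get("Condition", {}).get("NotIpAddress", {}).get("aws:SourceIp")
        if stmt["Effect"] != "Deny" or cidrs is None:
            continue
        if isinstance(cidrs, str):
            cidrs = [cidrs]
        if not_ip_address(source_ip, cidrs):
            return True
    return False

def seen_by_storage(client_ip, load_balancer_ip=None):
    """A proxying load balancer terminates the client connection and opens its
    own, so the storage endpoint observes the balancer's address instead."""
    return load_balancer_ip or client_ip

def compare():
    """Return {client: (denied_when_direct, denied_via_load_balancer)}."""
    return {
        name: (is_denied(POLICY, seen_by_storage(ip)),
               is_denied(POLICY, seen_by_storage(ip, LOAD_BALANCER_IP)))
        for name, ip in CLIENTS.items()
    }

if __name__ == "__main__":
    for name, (direct, via_lb) in compare().items():
        print(f"{name:9s} direct: denied={direct}  via load balancer: denied={via_lb}")
```

Behind the load balancer every request is evaluated against the same internal address, so the Deny statement never matches and the filtering has to happen at a point that still sees the real client address.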
