Temporarily block data transfers between AWS Regions in Amazon S3
Storage Blog
This article explains how to temporarily block data transfers between AWS Regions in Amazon S3 to prevent unwanted cross-region data transfer charges. It discusses using an S3 bucket policy with the "NotIpAddress" condition to restrict access from specified AWS Regions by blocking their IP addresses.
Specifically, the article covers:
- Solution overview and prerequisites
- Step-by-step walkthrough to create an S3 bucket policy blocking IP addresses from unwanted AWS Regions
- Investigating the source of unwanted inter-Region transfers using AWS logs
- Cleaning up by removing the "NotIpAddress" condition to re-allow access
- Conclusion highlighting the flexibility of S3 bucket policies for dynamic access control
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
May 31
2024
2024
Transferring data in Amazon S3 between AWS GovCloud (US) Regions and commercial AWS Regions using AWS DataSync
May 17
2024
2024
Transfer customer managed SSE-KMS encrypted objects across AWS accounts and Regions using AWS DataSync
Oct 15
2025
2025
Migrate encrypted Amazon EC2 instances across AWS Regions without sharing AWS KMS keys
Nov 17
2025
2025
How to use Amazon S3 Multi-Region Access Points to streamline and reduce the cost of writing across AWS Regions
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.