Restrict data access by IP range

By protecting your source data behind a local network or VPN, only users inside that intranet can view the data. That means that even Labelbox servers won’t be able to access your data.

For example…

Lets say we have an image “http://

Whitelist an IP range for an AWS bucket

It’s recommended to use the IP range of your VPN so that you can access and review data from anywhere and better manage access to your network. We recommend openvpn.net if you want to set up a new VPN.

However, you can also choose to whitelist the IP range of a wifi network. For example if you can’t give VPN access to an outsourced labeling firm you can whitelist their network.

Finding Your IP Range
Typically a router will be configured for 255 IP addresses. Visit whatsmyip.org to see your computer’s IP address. For example if it was 192.168.1.68 then your IP range would be 192.168.1.0 - 192.168.1.255 If you’re under a company VPN you should contact an administrator to get a static IP range.

Once you have your IP range, you should add a IP address bucket policy in AWS.

{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": [ "s3:GetObject" ],
"Resource": "arn:aws:s3:::examplebucket/*",
"Condition": {
"IpAddress": {"aws:SourceIp": "54.240.143.0/24"},
}
}
]
}

If set up correctly you should be able to load the image while connected to your VPN or wifi network and then once you disconnect or switch networks the image should fail to load.

Now you simply need to upload a list of s3 paths to Labelbox, see these docs.


Was this page helpful?