Tuesday, April 9, 2013
AWS - S3 - Apply bucket policy for public read and office IP read and write
Here's a sample S3 bucket policy for a bucket that is publicly readable but whose write/update access is restricted to the office network.
Note that if you enable "List" for Everyone from the permissions menu, anyone can retrieve the complete list of your bucket's objects just by browsing your root domain URL, so keep listing off and grant only the actions below.
{
  "Id": "Policy1346919974114",
  "Statement": [
    {
      "Sid": "Stmt1346917860156",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "110.174.240.29/26",
            "175.143.152.282/32"
          ]
        }
      },
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    },
    {
      "Sid": "Stmt1346919900506",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
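To check that a policy of this shape really gives the split you intend (public read from anywhere, everything else only from the office ranges) before pushing it to S3, here is an added, offline evaluator written for this post rather than taken from it or from AWS. It assumes anonymous requests (Principal "*"), does simplified action/resource wildcard matching, and uses the placeholder office ranges 203.0.113.0/26 and 198.51.100.7/32; it also flags malformed aws:SourceIp values such as an octet above 255, which AWS rejects when the policy is saved.

```python
import fnmatch
import ipaddress

# Constructed sample policy in the same shape as the post, with placeholder office ranges.
OFFICE_POLICY = {
    "Statement": [
        {"Sid": "OfficeFullAccess", "Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
         "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.0/26", "198.51.100.7/32"]}},
         "Principal": {"AWS": ["*"]}},
        {"Sid": "PublicRead", "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::origin-pdf.domain.com/*",
         "Principal": {"AWS": ["*"]}},
    ]
}


def _as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]


def _source_cidrs(stmt):
    return stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")


def invalid_cidrs(policy):
    """Return every aws:SourceIp value that is not a valid IPv4/IPv6 network."""
    bad = []
    for stmt in policy["Statement"]:
        for cidr in _as_list(_source_cidrs(stmt) or []):
            try:
                ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                bad.append(cidr)
    return bad


def is_allowed(policy, action, resource, source_ip):
    """Simplified evaluation for anonymous requests: explicit Deny wins, else any matching Allow."""
    ip = ipaddress.ip_address(source_ip)
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        cidrs = _source_cidrs(stmt)
        if cidrs and not any(ip in ipaddress.ip_network(c, strict=False) for c in _as_list(cidrs)):
            continue  # IpAddress condition present but the caller is outside every range
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```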