S3存储桶策略限制IP地址

Question

我在下面创建了存储桶策略，但是我无法访问我前几天设置的服务器中的任何图像（得到403）。如何在条件下允许特定的IP地址？

{
"Version": "2012-10-17",
"Id": "Policy1527266936788",
"Statement": [
    {
        "Sid": "Stmt11111111,
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::xxxxx/*",
        "Condition": {
            "IpAddress": {
                "aws:SourceIp": "xx.xx.xxx.xxx/24"
            }
        }
    }
]
}