diff --git a/main.tf b/main.tf
index afc3262..ef28fe9 100644
--- a/main.tf
+++ b/main.tf
@@ -130,6 +130,13 @@ data "aws_iam_policy_document" "this" {
 }
 }
 statement {
+ sid = "IPAddressRestriction"
+ effect = "Deny"
+ actions = ["s3:*"]
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
 dynamic "condition" {
 for_each = local.s3_bucket_conditions
 iterator = c
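Review bot: The new `IPAddressRestriction` statement is a `Deny` on `s3:*` for principal `*` whose only visible guard is the `dynamic "condition"` block, so if `local.s3_bucket_conditions` is ever an empty list the statement renders with no condition and denies every S3 action to every caller. The statement body (its `resources` and the condition `content`) continues outside the hunk, so this is inferred from the visible lines only. Consider emitting the statement only when conditions exist, for example by making it a `dynamic "statement"` with `for_each = length(local.s3_bucket_conditions) > 0 ? [1] : []`. If the conditions test `aws:SourceIp`, a comment above the statement should record that requests arriving through VPC endpoints or made by AWS services on the account's behalf will typically be denied as well unless they are explicitly excepted.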