[AWS] How to limit S3 bucket access by IP address

S3 bucket policy to limit access by a source IP address:

{
"Version": "2012-10-17"
"Id": "S3Policy-ID",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::BUCKET_NAME/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"x.x.x.x",
"y.y.y.y"
]
}
}
}
]
}