From 2abd6caec17d406dc3974bdca55e77643bb7115e Mon Sep 17 00:00:00 2001
From: Sergey Zhuk <sergey.zhuk@humansignal.com>
Date: Mon, 2 Dec 2024 17:50:00 +0000
Subject: [PATCH] Update security.md

---
 docs/source/guide/security.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/source/guide/security.md b/docs/source/guide/security.md
index 6442e02558fe..b10ad3b2eba4 100644
--- a/docs/source/guide/security.md
+++ b/docs/source/guide/security.md
@@ -138,6 +138,9 @@ To ensure maximum security and isolation of your data behind a VPC, only allow a
 <details>
 <summary>Bucket Policy Example for S3 storage</summary>
 
+!!! warning
+    These example bucket policies explicitly deny access to any requests outside the allowed IP addresses. Even the user that entered the bucket policy can be denied access to the bucket if the user doesn't meet the conditions. Therefore, make sure to review the bucket policy carefully before saving it. If you get accidentally locked out, see [How to regain access to an Amazon S3 bucket](https://repost.aws/knowledge-center/s3-accidentally-denied-access)
+
 Go to your S3 bucket and then **Permissions > Bucket Policy** in the AWS management console. Add the following policy:
 
 ```json
@@ -162,9 +165,9 @@ Go to your S3 bucket and then **Permissions > Bucket Policy** in the AWS managem
                 "NotIpAddress": {
                     "aws:SourceIp": [
                       //// IP ranges for app.humansignal.com from the documentation
-                        "3.219.3.197/32",
-                        "34.237.73.3/32",
-                        "44.216.17.242/32"
+                        "x.x.x.x/32",
+                        "x.x.x.x/32",
+                        "x.x.x.x/32"
                     ]
                 }
             }