A common way to protect sensitive data is to limit access to specific server addresses. To allow Labelbox servers to access your data, add the following adresses to your allow list, also called a whitelist. 
35.223.142.181/32
34.135.127.45/32
For automation purposes, we maintain a text file listing these addresses. A YAML file is also available. You can also use a virtual private network (VPN) to protect your data. Here, you would put your source data behind a local network or VPN and then add the the VPN’s IP address range to your allow list. You can also allow access from an IP range outside your organization, such as the wiki network used by an external labeling team.

AWS S3 access

For AWS S3 buckets, use an IP address bucket policy (Amazon AWS docs) to permit access to specific addresses. If the policy supports specific addresses, only connections using those addresses can access files buckets using the policy. This includes VPN address ranges, wifi networks, and specific IP addresses. If a users, such as an individual labeler, connects to a supported VPN network, they can access your data through that connecion. When they disconnect the supported network, they’re no longer able to access the data. In the following example, access is permitted only from the address shown. You will likely need to update the example to suit your needs. 
{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [ "s3:GetObject" ],
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "54.240.143.0/24"},
      }
    }
  ]
}
To learn more, see Blocking public access to your Amazon S3 storage (Amazon AWS docs).

Find your IP range

In many cases, routers are configured to support 255 IP addresses. Many tools can help you determine your current IP address, including: Once you have your IP address, you can calculate the block of addresses you need to allow. For example, suppose your IP address is 192.168.1.68. In that case, you’d want to allow access from 192.168.1.0 to 192.168.1.255. If you’re unsure about your IP address or need additional help, contact your local network administrator.