Give EC2 IAM role read access to S3 bucket
From your EC2 instance, you will also have to retrieve the temporary credentials in the instance metadata:

    curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<your-iam-role-name>

You shall then use the provided access and secret key to access your S3 bucket.
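
How the values returned by that metadata request can be used, as an added example that is not part of the original answer: standard-library Python that validates the credential document and signs an S3 GET with AWS Signature Version 4, including the session token that accompanies temporary role credentials. The sample JSON, its key values and the function names are constructed for illustration.

```python
import datetime, hashlib, hmac, json
from urllib.parse import quote

# Constructed sample of the JSON the metadata endpoint returns (placeholder values).
SAMPLE_IMDS_JSON = """{"Code": "Success", "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEACCESSKEY",
  "SecretAccessKey": "constructedSecretKeyForDemoOnly",
  "Token": "constructedSessionTokenForDemoOnly",
  "Expiration": "2030-01-01T00:00:00Z"}"""
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # a GET has an empty body

def parse_imds_credentials(text, now):
    """Parse the metadata document; refuse failed or expired credentials."""
    doc = json.loads(text)
    expires = datetime.datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    if doc.get("Code") != "Success" or expires.replace(tzinfo=datetime.timezone.utc) <= now:
        raise ValueError("role credentials unavailable or expired")
    return doc

def sign_s3_get(creds, bucket, key, region, now):
    """Return (url, headers) for a SigV4-signed GET of one object (now must be UTC)."""
    host = "s3.amazonaws.com" if region == "us-east-1" else f"s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    # Temporary role credentials are rejected without their session token,
    # so it is sent and signed as x-amz-security-token.
    headers = {"host": host, "x-amz-content-sha256": EMPTY_SHA256,
               "x-amz-date": amz_date, "x-amz-security-token": creds["Token"]}
    names = sorted(headers)
    path = "/" + quote(f"{bucket}/{key}", safe="/~")  # path-style, as in the question
    canonical = "\n".join(["GET", path, "",  # empty query string
                           "".join(f"{n}:{headers[n]}\n" for n in names),
                           ";".join(names), EMPTY_SHA256])
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    k = ("AWS4" + creds["SecretAccessKey"]).encode()
    for part in scope.split("/"):  # date, region, service, terminator
        k = hmac.new(k, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={creds['AccessKeyId']}/{scope}, "
        f"SignedHeaders={';'.join(names)}, Signature={signature}")
    return f"https://{host}{path}", headers

if __name__ == "__main__":
    now = datetime.datetime.now(datetime.timezone.utc)
    url, hdrs = sign_s3_get(parse_imds_credentials(SAMPLE_IMDS_JSON, now),
                            "my.bucket", "bootstrap.sh", "us-east-1", now)
    print(url, hdrs["Authorization"], sep="\n")
```

The returned URL and headers can be handed to any HTTP client. On instances that enforce IMDSv2, the metadata request itself additionally needs a session token header.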
Author by
dignoe
Updated on September 18, 2022
Comments
-
dignoe over 1 year
I have an AWS Elastic Beanstalk Rails app that I am configuring via the config script to pull some files from an S3 bucket. When I start up the application, I keep receiving the following error in the logs (bucket name has been changed for security):

    Failed to retrieve https://s3.amazonaws.com/my.bucket/bootstrap.sh: HTTP Error 403 : <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>Access Denied</Message>

Config file:

    packages:
      yum:
        git: []
    files:
      /opt/elasticbeanstalk/hooks/appdeploy/pre/01a_bootstrap.sh:
        mode: "00755"
        owner: root
        group: root
        source: https://s3.amazonaws.com/my.bucket/bootstrap.sh

The Elastic Beanstalk environment is set up with the aws-elasticbeanstalk-ec2-role IAM role as its instance role. This role has the following policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource": "arn:aws:s3:::my.bucket/*"
        }
      ]
    }

And the S3 bucket has the following policy:

    {
      "Version": "2008-10-17",
      "Statement": [
        {
          "Sid": "Stmt1371012493903",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::<account #>:role/aws-elasticbeanstalk-ec2-role"
          },
          "Action": [
            "s3:List*",
            "s3:Get*"
          ],
          "Resource": "arn:aws:s3:::my.bucket/*"
        }
      ]
    }

What do I need to change to give my EC2 instances access to my S3 bucket?
-
Céline Aussourd about 9 years
How do you use the access and secret key to access the S3 bucket? Do you have an example? Cheers