DEV Community

Cover image for Simplify EC2-S3 File Access with Instance Roles
Rahul Kumar Sharma
Rahul Kumar Sharma

Posted on

Simplify EC2-S3 File Access with Instance Roles

Access all the buckets:

Create an IAM Role for the EC2 Instance:

  • Go to the IAM console in AWS and create a role.
  • Select "AWS service" as the trusted entity and choose "EC2." Click "Next: Permissions."
  • Attach the policy “AmazonS3ReadOnlyAccess” to access the S3 bucket.
  • Click "Next: Tags" (optional) and then "Next: Review."
  • Give the role a name and click "Create role."

Trusted Entity Type

Permission

Attach the IAM Role to the EC2 Instance:
Go to the EC2 console.

  • Select the instance that you want to grant S3 access.
  • Click on the "Actions" button, navigate to "Security" and then "Modify IAM Role."
  • Choose the IAM role you created in the previous step and click "Update IAM role."

Testing:

  • SSH into the instance to verify.
  • Install awscli into the instance.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"  
unzip awscliv2.zip  
sudo ./aws/install
Enter fullscreen mode Exit fullscreen mode

Output1

Access specific S3 bucket:

Create a Custom Policy for S3 Access:

  • Click "Create policy" to define a custom policy that grants list access to all S3 buckets and read access to a specific S3 bucket.
  • Click "JSON" and paste the following policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}

Enter fullscreen mode Exit fullscreen mode

Create a New Role:

  • Click on "Roles" in the left sidebar, then click "Create role."
  • Select "AWS service" as the trusted entity type.
  • Choose "EC2" under the "Use case" section, then click "Next” and attach the policy which you created.

Attach the IAM Role to the EC2 Instance:

  • Go to the EC2 console.
  • Select the instance that you want to grant S3 access.
  • Click on the "Actions" button, navigate to "Security" and then "Modify IAM Role."
  • Choose the IAM role you created in the previous step and click "Update IAM role."

Testing:

Output2

Let's Connect!

Top comments (0)