The latest articles on DEV Community by William Wayn (@willzwayn). https://dev.to/willzwayn https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F445509%2Fb4bd6169-66ff-458d-8811-9d60ebbcabf2.jpeg https://dev.to/willzwayn en William Wayn Sun, 31 Mar 2024 21:30:25 +0000 https://dev.to/willzwayn/aws-ec2-to-s3-access-issues-unable-to-locate-credentials-error-1hik https://dev.to/willzwayn/aws-ec2-to-s3-access-issues-unable-to-locate-credentials-error-1hik <p>I’m writing this post because I recently came across a perplexing issue while setting up a new EC2 instance, and what’s even more frustrating is that the solution turned out to be quite simple. I only managed to resolve it on my own after many unsuccessful searches on the Internet.</p> <h3> Introduction </h3> <p>Everything seemed fine with VPNs and access, but my EC2 instance just couldn’t seem to talk to any AWS resources. To make things even more fun, when I installed the AWS CLI, I got hit with the “<strong>unable to locate credentials. you can configure credentials by running aws configure</strong>” error.</p> <p>After some quality time troubleshooting and closely inspecting what was going on, I had a facepalm moment — it turned out <strong>I had forgotten to set up the IAM role</strong> when creating the EC2 instance.</p> <p>Here’s the straightforward fix for when you find yourself in the same pickle:</p> <ol> <li><strong>Creating the EC2 Instance</strong></li> </ol> <p>Start creating your EC2 instance as usual. When you get to the “<strong>Advanced details</strong>” part, keep an eye out for the “<strong>IAM instance profile</strong>” option.</p> <ol> <li><strong>IAM Instance Profile Setup</strong></li> </ol> <p>Click on “IAM instance profile” and give it the permissions it needs. In my case, I needed to adjust this configuration in <strong>the IAM to match my specific requirements</strong>. You can use the following IAM policy as a guide, <strong>but don’t forget to tweak it according to your own needs</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:Get*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:List*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::trusted-data-credits-ACCOUNT-ID"</span><span class="p">,</span><span class="w"> </span><span class="s2">"arn:aws:s3:::trusted-data-clients-ACCOUNT-ID"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:Get*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:List*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:PutObject*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:DeleteObject"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"arn:aws:s3:::analytics-data-credits-ACCOUNT-ID"</span><span class="p">,</span><span class="w"> </span><span class="s2">"arn:aws:s3:::analytics-data-clients-ACCOUNT-ID"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <ol> <li><strong>Instance Launch</strong></li> </ol> <p>Carry on with the EC2 instance creation process like you normally would. When your shiny new instance starts up, it’ll have the right IAM role attached, granting it the permissions it needs to play nicely with AWS resources.</p> <h4> Conclusion </h4> <p>In a nutshell, in the wild world of AWS, sometimes it’s the little things that trip you up. But by remembering to configure that IAM instance profile when you’re setting up your EC2 instance, you can save yourself from some serious troubleshooting headaches and ensure your AWS resources are just a connection away.</p> <p>Happy cloud adventures!</p> aws ec2