DEV Community

LEWIS SAWE

Creating S3 IAM roles for an EC2 Instance

Challenge 005

As a cloud engineer you need to grant an EC2 instance permission to access an S3 bucket. By default, EC2 instances have no permission to access any S3 bucket, so to allow access you must configure the necessary permissions. You also need to query the S3 bucket from the EC2 instance and manipulate its contents.

Solution

The solution will be implemented through the AWS Console.

Log in to the console and head to the IAM service:

  • On the left panel click Roles

We are going to create a new role for the EC2 instance

  • Click Create Role
  • Choose AWS Service
  • For the use case choose EC2
  • Click Next

In this step we add permissions policies. You have the option to use the AWS managed policies or to create a new policy based on your needs.

Because the challenge requires a policy that is specific to one bucket, we will create a new policy:

Select Create Policy and use the JSON tab. I will specify the actions I need, which are list, read and write (s3:ListBucket, s3:GetObject and s3:PutObject), and specify the bucket ARN, plus its objects, as the resource.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::cloudforcebucketnew",
                "arn:aws:s3:::cloudforcebucketnew/*"
            ]
        }
    ]
}

  • Click Next
  • Review and Create the policy and role
  • The new role will be created. The next step would be to attach the role to your EC2 instance
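As an added example (not code from the original post), here is a small Python script that generates the same bucket-scoped policy for any bucket name, produces the trust relationship the console attaches when you choose EC2 as the use case, and lints a policy for the two mistakes most often seen in this kind of role: a wildcard resource, and s3:ListBucket granted only on the object ARN. s3:ListBucket is a bucket-level action evaluated against the bucket ARN, while s3:GetObject and s3:PutObject are object-level actions evaluated against object ARNs (bucket ARN plus /*), which is why the policy above lists both. The function names, the linter's checks and the OVERLY_BROAD sample policy are my own; the bucket name defaults to the one in the post.

```python
import json

# Bucket name taken from the post; any other name works too.
BUCKET = "cloudforcebucketnew"


def build_bucket_policy(bucket):
    """Return the bucket-scoped policy from the post, parameterised by bucket name.

    s3:ListBucket is evaluated against the bucket ARN; s3:GetObject and
    s3:PutObject are evaluated against object ARNs (bucket ARN + "/*").
    Listing both ARNs is what makes all three actions work.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
            }
        ],
    }


def ec2_trust_policy():
    """Trust relationship created for the EC2 use case: only the EC2 service
    may assume this role (through the instance profile)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def _as_list(value):
    # IAM accepts a single string or a list for Action / Resource.
    return value if isinstance(value, list) else [value]


def lint_policy(doc, bucket):
    """Return findings (strings) for a policy meant for one bucket; empty means OK."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/*"
    findings = []
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(f"{sid}: wildcard action grants every S3 operation")
        if "*" in resources:
            findings.append(f"{sid}: Resource '*' is not scoped to the bucket")
        for res in resources:
            if res.startswith("arn:aws:s3:::") and res not in (bucket_arn, object_arn) \
                    and not res.startswith(f"{bucket_arn}/"):
                findings.append(f"{sid}: resource {res} is outside bucket {bucket}")
        if "s3:ListBucket" in actions and bucket_arn not in resources:
            findings.append(f"{sid}: s3:ListBucket needs the bucket ARN itself, not only {object_arn}")
        if any(a in ("s3:GetObject", "s3:PutObject") for a in actions) \
                and not any(r == object_arn or r.startswith(f"{bucket_arn}/") for r in resources):
            findings.append(f"{sid}: object actions need an object ARN ({object_arn})")
    return findings


# Constructed counter-example: the permission many tutorials hand out instead.
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "TooBroad", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(json.dumps(build_bucket_policy(BUCKET), indent=4))
    print(json.dumps(ec2_trust_policy(), indent=4))
    print("post policy findings:", lint_policy(build_bucket_policy(BUCKET), BUCKET))
    print("broad policy findings:", lint_policy(OVERLY_BROAD, BUCKET))
```

Run it once before pasting a policy into the JSON tab: the post's policy produces no findings, while the OVERLY_BROAD variant produces two.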

Head over to your EC2 instance

  • Select the EC2 instance to which you would like to attach the role
  • In the Actions menu, select Security and click Modify IAM role
  • Select the role you created by its name
  • Click Update IAM role

The IAM role is now attached to the EC2 instance

We can now access S3 through the EC2 instance

Connect to the instance

You can test it by listing the contents of the S3 bucket

aws s3 ls s3://cloudforcebucketnew

You can also list all objects, including those under sub-directories (prefixes), with

aws s3 ls s3://cloudforcebucketnew --recursive
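To see what the test commands above actually require from the role, here is an added Python script (my own, not from the post) that applies the identity-policy evaluation rules (default deny, any matching Allow permits, an explicit Deny overrides) to the post's policy for several aws s3 commands. The table mapping CLI commands to S3 API actions and the extra commands (cp, rm, a second bucket) are my assumptions for illustration. Real evaluation also takes bucket policies, SCPs and permission boundaries into account, which this script ignores.

```python
import re

# The post's policy, verbatim (bucket name from the post).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::cloudforcebucketnew",
                "arn:aws:s3:::cloudforcebucketnew/*",
            ],
        }
    ],
}

# Constructed table: the S3 API action and resource each CLI command needs.
# The first two entries are the post's test commands; "aws s3 ls" with no
# bucket lists every bucket in the account and needs s3:ListAllMyBuckets.
COMMANDS = {
    "aws s3 ls s3://cloudforcebucketnew":
        ("s3:ListBucket", "arn:aws:s3:::cloudforcebucketnew"),
    "aws s3 ls s3://cloudforcebucketnew --recursive":
        ("s3:ListBucket", "arn:aws:s3:::cloudforcebucketnew"),
    "aws s3 ls":
        ("s3:ListAllMyBuckets", "*"),
    "aws s3 cp ./report.csv s3://cloudforcebucketnew/reports/report.csv":
        ("s3:PutObject", "arn:aws:s3:::cloudforcebucketnew/reports/report.csv"),
    "aws s3 rm s3://cloudforcebucketnew/reports/report.csv":
        ("s3:DeleteObject", "arn:aws:s3:::cloudforcebucketnew/reports/report.csv"),
    "aws s3 ls s3://some-other-bucket":
        ("s3:ListBucket", "arn:aws:s3:::some-other-bucket"),
}


def _iam_pattern(pattern):
    """Compile an IAM pattern ('*' and '?' are the only wildcards) to an anchored regex."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("^" + "".join(parts) + "$")


def _as_list(value):
    # IAM accepts a single string or a list for Action / Resource.
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Identity-policy evaluation: default deny, any matching Allow permits,
    any matching Deny overrides.  Action names are case-insensitive in IAM,
    resource ARNs are case-sensitive."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_iam_pattern(p.lower()).match(action.lower())
                         for p in _as_list(stmt.get("Action", [])))
        resource_hit = any(_iam_pattern(p).match(resource)
                           for p in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt.get("Effect") == "Deny":
                return False
            allowed = True
    return allowed


def evaluate_commands(policy=POLICY, commands=COMMANDS):
    """Map each CLI command to True (allowed) or False (denied) under the policy."""
    return {cmd: is_allowed(policy, action, resource)
            for cmd, (action, resource) in commands.items()}


if __name__ == "__main__":
    for cmd, ok in evaluate_commands().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {cmd}")
```

The output shows why the post tests with a bucket name rather than a bare aws s3 ls: the role can list and read or write objects in cloudforcebucketnew, but it cannot enumerate the account's buckets, delete objects, or touch any other bucket, which is exactly the scope the policy was written for.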

S3 Challenge

And that's how you can create an IAM role for your EC2 instance to access an S3 bucket.
