DEV Community

Cover image for How can I connect or access an AWS S3 bucket from an Amazon EC2 Instance?
Tanmay Shukla
Tanmay Shukla

Posted on • Updated on


How can I connect or access an AWS S3 bucket from an Amazon EC2 Instance?

In this tutorial I'll show you step by step to connect & access your S3 bucket from EC2 instance via IAM Roles.

Step-1) Create an IAM instance profile that grants access to Amazon S3.

  • Open the IAM console.
  • Choose Roles, and then choose Create role.
  • Select AWS Service, and then choose EC2.
  • Select Next: Permissions.
  • Create a custom policy that provides the minimum required permissions to access your S3 bucket. Image 0

Note: Creating a policy with the minimum required permissions is a security best practice. However, to allow EC2 access to all your Amazon S3 buckets, you can use the AmazonS3ReadOnlyAccess or AmazonS3FullAccess managed IAM policy.

  • Select Next: Tags, and then select Next: Review.
  • Enter a Role name, and then select Create role.

Step-2) Create an EC2 instance and attach IAM instance profile to this instance

  • Create the EC2 instance (Launch an EC2 instance in 1 min)
  • For this click on checkbox on that instance and go to Actions tab > Security > Modify IAM role.
    Image 1

  • Now select the IAM role that you created in step-1 then save it. This will assign the IAM role to your ec2 instance.
    Image 2

Step-3) Validate S3 to check permissions, if it has any denying policy attached to it.

  • Go to Permissions>Bucket Policy then search fo Effect:Deny
  • Now in your bucket policy, edit or remove any Effect: Deny statements that are denying the IAM instance profile access to your bucket.

Image 3

Step-4) Check the network connectivity from EC2 instance to Amazon S3.

  • Verify if EC2 has network connectivity to S3 Endpoints
  • We need to make sure that our instance must possess one of the following quality
    • [] EC2 instance with a public IP address and a route table entry with the default route pointing to an Internet Gateway.
    • [] Private EC2 instance with a default route through a NAT gateway.
    • [] Private EC2 instance with connectivity to Amazon S3 using a Gateway VPC endpoint.

Step-5) Validate access to S3 buckets

  • First we need to Install AWS CLI Install or update AWS CLI
  • To Verify access to your S3 buckets by running the following command. Replace BUCKET-NAME with the name of your S3 bucket. This command will list all the objects in your bucket:
aws s3 ls s3://BUCKET-NAME
Enter fullscreen mode Exit fullscreen mode

Image 4
Image 5

Note: Run the AWS s3 cp command to copy the files to the S3 bucket and vice versa but remember to give IAM role AmazonS3FullAccess or AdminsterAccess.
Now as we have also installed the aws command line you can simply use the following commands to copy the files to S3 Bucket from EC2.

# To List the S3 Bucket 
aws s3 ls s3://<S3bucketName>

# To copy the files from EC2 to S3
aws s3 cp <Fully Qualified Local filename> s3://<S3BucketName>

Enter fullscreen mode Exit fullscreen mode

Addition resources:

Connect with me

Top comments (0)