AWS EC2 to S3 Access Issues: 'Unable to Locate Credentials' Error

I’m writing this post because I recently came across a perplexing issue while setting up a new EC2 instance, and what’s even more frustrating is that the solution turned out to be quite simple. I only managed to resolve it on my own after many unsuccessful searches on the Internet.

Introduction

Everything seemed fine with VPNs and access, but my EC2 instance just couldn’t seem to talk to any AWS resources. To make things even more fun, when I installed the AWS CLI, I got hit with the “unable to locate credentials. you can configure credentials by running aws configure” error.

After some quality time troubleshooting and closely inspecting what was going on, I had a facepalm moment — it turned out I had forgotten to set up the IAM role when creating the EC2 instance.

Here’s the straightforward fix for when you find yourself in the same pickle:

1. Creating the EC2 Instance

Start creating your EC2 instance as usual. When you get to the “Advanced details” part, keep an eye out for the “IAM instance profile” option.

1. IAM Instance Profile Setup

Click on “IAM instance profile” and give it the permissions it needs. In my case, I needed to adjust this configuration in the IAM to match my specific requirements. You can use the following IAM policy as a guide, but don’t forget to tweak it according to your own needs:

{  
    "Version": "2012-10-17",  
    "Statement": [  
        {  
            "Effect": "Allow",  
            "Action": [  
                "s3:Get*",  
                "s3:List*"  
            ],  
            "Resource": [  
                "arn:aws:s3:::trusted-data-credits-ACCOUNT-ID",  
                "arn:aws:s3:::trusted-data-clients-ACCOUNT-ID"  
            ]  
        },  
        {  
            "Effect": "Allow",  
            "Action": [  
                "s3:Get*",  
                "s3:List*",  
                "s3:PutObject*",  
                "s3:DeleteObject"  
            ],  
            "Resource": [  
                "arn:aws:s3:::analytics-data-credits-ACCOUNT-ID",  
                "arn:aws:s3:::analytics-data-clients-ACCOUNT-ID"  
            ]  
        }  
    ]  
}

1. Instance Launch

Carry on with the EC2 instance creation process like you normally would. When your shiny new instance starts up, it’ll have the right IAM role attached, granting it the permissions it needs to play nicely with AWS resources.

Conclusion

In a nutshell, in the wild world of AWS, sometimes it’s the little things that trip you up. But by remembering to configure that IAM instance profile when you’re setting up your EC2 instance, you can save yourself from some serious troubleshooting headaches and ensure your AWS resources are just a connection away.

Happy cloud adventures!