Access all the buckets:
Create an IAM Role for the EC2 Instance:
- Go to the IAM console in AWS and create a role.
- Select "AWS service" as the trusted entity and choose "EC2." Click "Next: Permissions."
- Attach the AWS managed policy "AmazonS3ReadOnlyAccess". It grants read and list permissions on every bucket in the account, so use it only when the instance genuinely needs all of them; the next section shows how to scope a role to one bucket.
- Click "Next: Tags" (optional) and then "Next: Review."
- Give the role a name and click "Create role."
Attach the IAM Role to the EC2 Instance:
- Go to the EC2 console.
- Select the instance that you want to grant S3 access.
- Click on the "Actions" button, navigate to "Security" and then "Modify IAM Role."
- Choose the IAM role you created in the previous step and click "Update IAM role." The instance now fetches temporary credentials for that role from the instance metadata service, and any process on the instance (including one reached through an SSRF bug) can do the same, so require IMDSv2 on the instance to make those credentials harder to steal.
Testing:
- SSH into the instance.
- Install the AWS CLI if the AMI does not already include it (Amazon Linux images ship it; on other distributions use the installer below). The CLI picks up the role credentials automatically, so no access keys are configured on the instance.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Access a specific S3 bucket:
Create a Custom Policy for S3 Access:
- In the IAM console open "Policies" and click "Create policy" to define a custom policy. The policy below lets the instance list the names of all buckets (s3:ListAllMyBuckets, which is only valid with Resource "*") and list and read objects in a single bucket. s3:ListBucket is evaluated against the bucket ARN and s3:GetObject against the object ARN, which is why both "arn:aws:s3:::bucket-name" and "arn:aws:s3:::bucket-name/*" are listed; leaving either one out silently breaks one of the two operations. Replace bucket-name with your bucket.
- Click "JSON" and paste the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    }
  ]
}
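To see what this policy grants and, just as importantly, what it does not, here is a toy evaluator. It is an added example, not AWS's evaluation engine and not code from the post: it implements only the subset of IAM evaluation that matters for one identity policy on its own (an explicit Deny wins, otherwise any matching Allow grants, otherwise the implicit default is deny) and ignores conditions, NotAction/NotResource, resource policies and SCPs. The request samples in CHECKS, the bucket name and the object keys are constructed.

```python
"""Toy IAM policy evaluator for the bucket-scoped policy above (added example)."""
import copy
import fnmatch
import json

# The policy from the post; "bucket-name" is the post's placeholder.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]}
  ]
}
""")

BUCKET_ARN = "arn:aws:s3:::bucket-name"
OBJECT_ARN = "arn:aws:s3:::bucket-name/*"


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, case_sensitive):
    """Wildcard match using IAM's '*' and '?'. Action names are case-insensitive,
    resource ARNs are case-sensitive. (fnmatch also treats '[' specially, which
    no ARN in these samples contains.)"""
    if not case_sensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy, action, resource):
    """Decide whether `action` on `resource` is permitted by `policy`."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_matches(a, action, False) for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(_matches(r, resource, True) for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt["Effect"] == "Deny":
            return False          # an explicit deny beats every allow
        allowed = True            # remember the allow, keep looking for a deny
    return allowed


def without_resource(policy, arn):
    """Copy of the policy with one Resource entry removed, to show why the
    bucket ARN and the object ARN are both required."""
    trimmed = copy.deepcopy(policy)
    for stmt in trimmed["Statement"]:
        stmt["Resource"] = [r for r in _as_list(stmt["Resource"]) if r != arn]
    return trimmed


# Constructed request samples: (action, resource, expected decision)
CHECKS = [
    ("s3:ListAllMyBuckets", "*", True),
    ("s3:ListBucket", BUCKET_ARN, True),
    ("s3:GetObject", "arn:aws:s3:::bucket-name/reports/2024.csv", True),
    ("s3:PutObject", "arn:aws:s3:::bucket-name/reports/2024.csv", False),   # read-only role
    ("s3:DeleteObject", "arn:aws:s3:::bucket-name/reports/2024.csv", False),
    ("s3:ListBucket", "arn:aws:s3:::other-bucket", False),                  # other bucket
    ("s3:GetObject", "arn:aws:s3:::other-bucket/secret.txt", False),
    ("s3:GetObject", "arn:aws:s3:::bucket-name-backup/x", False),          # name prefix is not a match
]


def failed_checks(policy=POLICY):
    """Return the CHECKS entries whose decision differs from the expectation."""
    return [(a, r, e) for a, r, e in CHECKS if is_allowed(policy, a, r) != e]


if __name__ == "__main__":
    for action, resource, expected in CHECKS:
        verdict = "ALLOW" if is_allowed(POLICY, action, resource) else "DENY"
        print(f"{action:<22} {resource:<48} {verdict}")
    # Dropping either ARN silently breaks one of the two read operations.
    print("GetObject without the object ARN:",
          is_allowed(without_resource(POLICY, OBJECT_ARN), "s3:GetObject", "arn:aws:s3:::bucket-name/k"))
    print("ListBucket without the bucket ARN:",
          is_allowed(without_resource(POLICY, BUCKET_ARN), "s3:ListBucket", BUCKET_ARN))
```

The two without_resource calls at the end are the check worth remembering: with only the bucket ARN, GetObject on every key is denied; with only the object ARN, ListBucket is denied, and the CLI's `ls` of the bucket fails even though individual objects can still be fetched.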
Create a New Role:
- Click on "Roles" in the left sidebar, then click "Create role."
- Select "AWS service" as the trusted entity type.
- Choose "EC2" under the "Use case" section, click "Next" and attach the policy you created.
Attach the IAM Role to the EC2 Instance:
- Go to the EC2 console.
- Select the instance that you want to grant S3 access.
- Click on the "Actions" button, navigate to "Security" and then "Modify IAM Role."
- Choose the IAM role you created in the previous step and click "Update IAM role."
Testing:
- As in the first section, SSH into the instance with the AWS CLI installed. The scoped role should be able to list the bucket names and to list and read objects in bucket-name, and should be denied when it tries to write to that bucket or to list or read any other bucket. Run the denial checks as well; a role that only passes the positive checks has not been shown to be scoped.
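The script below is an added example, not part of the original post, that runs those positive and negative probes on the instance. It assumes the AWS CLI is on PATH, uses the post's bucket-name placeholder, and OTHER_BUCKET is a constructed name that must be replaced with a real bucket in the account the role is not supposed to read. It also reads the attached role's name from the instance metadata service with the IMDSv2 token flow, so the output shows where the credentials actually come from. For the all-buckets role from the first section the same script applies with the "another bucket" expectation flipped to True.

```python
"""On-instance verification of an EC2 role's S3 scope (added example)."""
import shlex
import subprocess
import urllib.request

IMDS = "http://169.254.169.254"          # EC2 instance metadata service
BUCKET = "bucket-name"                    # placeholder from the policy above
OTHER_BUCKET = "some-other-bucket"        # constructed; replace with a real bucket outside the policy

# (description, command, should_succeed). The negative probes matter as much
# as the positive ones: they show the role is scoped, not merely working.
CHECKS = [
    ("assumed-role identity", "aws sts get-caller-identity", True),
    ("list bucket names", "aws s3 ls", True),
    ("list objects in the allowed bucket", f"aws s3 ls s3://{BUCKET}/", True),
    ("write into the allowed bucket", f"aws s3 cp /etc/hostname s3://{BUCKET}/probe.txt", False),
    ("list objects in another bucket", f"aws s3 ls s3://{OTHER_BUCKET}/", False),
]


def role_name_from_imds(timeout=2.0):
    """Return the role the instance's credentials come from, using the IMDSv2
    session-token flow, or None if the metadata service is unreachable."""
    try:
        req = urllib.request.Request(f"{IMDS}/latest/api/token", method="PUT",
                                     headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
        token = urllib.request.urlopen(req, timeout=timeout).read().decode()
        req = urllib.request.Request(f"{IMDS}/latest/meta-data/iam/security-credentials/",
                                     headers={"X-aws-ec2-metadata-token": token})
        return urllib.request.urlopen(req, timeout=timeout).read().decode().strip() or None
    except OSError:               # URLError, HTTPError and timeouts all derive from OSError
        return None


def classify(returncode, stderr):
    """Map a CLI result to 'allowed', 'denied' or 'error'. 'error' covers every
    other failure (NoSuchBucket, missing credentials), i.e. a misconfigured probe."""
    if returncode == 0:
        return "allowed"
    if "AccessDenied" in stderr or "(403)" in stderr:
        return "denied"
    return "error"


def evaluate(description, should_succeed, outcome):
    """Return (passed, message) for one probe."""
    if should_succeed:
        return outcome == "allowed", f"{description}: {outcome} (expected allowed)"
    if outcome == "denied":
        return True, f"{description}: denied as expected"
    if outcome == "allowed":
        return False, f"{description}: ALLOWED but should be denied; the policy is broader than intended"
    return False, f"{description}: probe failed for another reason; check the bucket name"


def run_checks(checks=CHECKS):
    """Execute every probe and return the list of (passed, message) results."""
    results = []
    for description, command, should_succeed in checks:
        proc = subprocess.run(shlex.split(command), capture_output=True, text=True)
        results.append(evaluate(description, should_succeed,
                                classify(proc.returncode, proc.stderr)))
    return results


if __name__ == "__main__":
    print("instance role (IMDSv2):", role_name_from_imds())
    for passed, message in run_checks():
        print("PASS" if passed else "FAIL", message)
```

A probe that comes back as "error" rather than "denied" is not a pass: it usually means the other bucket does not exist or the CLI found no credentials, and in both cases the scope of the role has not actually been tested.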