Home > database >  Unable to grant an EC2 instance access to an Amazon S3 bucket
Unable to grant an EC2 instance access to an Amazon S3 bucket

Time:11-05

I have created an IAM Role and assigned AmazonS3ReadOnlyAccess policy to the role.

After that I have attached the IAM role to the EC2 instance as follows:

  • Choose the Actions tab, choose Security, and then choose Modify IAM role.
  • Select the IAM role that I just created, and then choose Save. The IAM role is assigned to the EC2 instance.

Now, when I login to the EC2 instance and I am still not able to connect to S3 and getting below error:

[root@ip-172-31-13-233 ~]# aws s3 ls

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
[root@ip-172-31-13-233 ~]#

Also aws sts get-caller-identity is generating below output.

[root@ip-172-31-13-233 ~]# aws sts get-caller-identity
{
    "Account": "12345",
    "UserId": "CIDA6DCGK7EIXLKYUWLEN",
    "Arn": "arn:aws:iam::12345:user/user1"
}
[root@ip-172-31-13-233 ~]#

CodePudding user response:

For other that might be helpful. What's happening here is that the aws cli that has been installed has been configured with a user. When using EC2, there is no need to do that. you can directly run aws cli and it would automatically fetch credentials from instance metadata (if a role is associated). If, however you had created a user, then you have to go through those steps in order to revert everything back to default:

https://aws.amazon.com/premiumsupport/knowledge-center/iam-ec2-user-role-credentials/

Page link:https//www.codepudding.com/database/599233.html

Prev:Git/ Azure Devops Pipeline Issues
Next:Does anyone know if it's possible to put your Django Heroku apps onto App Store/Google Play?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding