Creating S3 IAM roles for an EC2 Instance
Challenge 005
As a cloud engineer you need to grant permissions to an EC2 instance to access an S3 bucket. EC2 instances, by default, do not have permission to access any S3 bucket. To allow an EC2 instance to access an S3 bucket, you need to configure the necessary permissions. You also need to query the S3 buckets from the EC2 instances and manipulate the S3 bucket.
Solution
The solution is implemented through the AWS Console.
Log in to the console and open the IAM service.
On the left panel click Roles
We are going to create a new role for the EC2 instance.
Click Create Role
Choose AWS Service
For the use case, choose EC2
Click Next
In this step we add permissions policies. You can either use one of the AWS managed policies or create a new policy tailored to your needs.
Because the instructions require a policy scoped to a specific bucket, we will create a new policy.
Select Create policy and switch to the JSON tab. I will grant List, Read and Write access by allowing the basic action for each and scoping the Resource to the bucket ARN (the bucket itself for s3:ListBucket, and the bucket's objects for s3:GetObject and s3:PutObject):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::cloudforcebucketnew",
                "arn:aws:s3:::cloudforcebucketnew/*"
            ]
        }
    ]
}
Click Next
Review and Create the policy and role
The new role will be created.
The next step is to attach the role to your EC2 instance.
Head over to the EC2 service.
Select the EC2 instance to which you would like to attach the role.
From the Actions menu, select Security and click Modify IAM role.
Select the role you created by its name.
Click Update IAM role.
The IAM role is now attached to the EC2 instance
We can now access S3 from the EC2 instance.
Connect to the instance.
You can test it by listing the contents of the bucket you granted access to. Note that the policy above does not include s3:ListAllMyBuckets, so a plain aws s3 ls that enumerates every bucket in the account will be denied; list the specific bucket instead:
aws s3 ls s3://cloudforcebucketnew
You can also list every object under the bucket's prefixes recursively with
aws s3 ls s3://cloudforcebucketnew --recursive
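To make the two points above concrete (why the policy needs both the bucket ARN and the bucket/* ARN, and why the role can list objects in the bucket but not enumerate all buckets), here is an added Python example that is not part of the original write-up. It builds a bucket-scoped policy and the EC2 trust policy that the "AWS service / EC2" wizard choice produces, runs a deliberately simplified identity-policy evaluation against the policy from the page, and audits a policy for wildcard grants. The table of bucket-level versus object-level actions is constructed for this example and is not the full S3 action list; the evaluator ignores Condition, NotAction and resource-based policies.

```python
import fnmatch
import json

# The permissions policy from the write-up, reproduced here as test data.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::cloudforcebucketnew",
                     "arn:aws:s3:::cloudforcebucketnew/*"],
    }],
}

# Which ARN each S3 action is evaluated against. Constructed for this
# example and deliberately short; it is not the complete S3 action table.
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_LEVEL = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def build_s3_policy(bucket, actions, sid="EC2BucketAccess"):
    """Return an Allow statement that scopes each action to the ARN it needs.

    ListBucket is evaluated against the bucket ARN, Get/PutObject against the
    object ARN (bucket/*). Omitting one of the two is the usual reason a
    policy like the one above 'works' for some commands and not others.
    """
    unknown = set(actions) - BUCKET_LEVEL - OBJECT_LEVEL
    if unknown:
        raise ValueError(f"actions not in the example table: {sorted(unknown)}")
    bucket_arn = f"arn:aws:s3:::{bucket}"
    resources = []
    if BUCKET_LEVEL & set(actions):
        resources.append(bucket_arn)
    if OBJECT_LEVEL & set(actions):
        resources.append(bucket_arn + "/*")
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": sid, "Effect": "Allow",
                           "Action": sorted(actions), "Resource": resources}]}


def ec2_trust_policy():
    """Trust policy for a role that only the EC2 service may assume."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Principal": {"Service": "ec2.amazonaws.com"},
                           "Action": "sts:AssumeRole"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified identity-policy evaluation: implicit deny, explicit Deny wins.

    '*' and '?' are wildcards in Action and Resource; action names are
    matched case-insensitively, resource ARNs case-sensitively.
    """
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                         for p in _as_list(stmt.get("Action", [])))
        resource_hit = any(fnmatch.fnmatchcase(resource, p)
                           for p in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def audit_policy(policy):
    """Flag the over-broad grants a reviewer would reject on an instance role."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        sid = stmt.get("Sid", "?")
        if any(a in ("*", "s3:*") for a in _as_list(stmt["Action"])):
            findings.append(f"{sid}: wildcard action")
        if any(r in ("*", "arn:aws:s3:::*") for r in _as_list(stmt["Resource"])):
            findings.append(f"{sid}: wildcard resource")
    return findings


if __name__ == "__main__":
    built = build_s3_policy("cloudforcebucketnew",
                            ["s3:PutObject", "s3:GetObject", "s3:ListBucket"])
    print(json.dumps(built, indent=2))
    # The checks mirror the CLI commands above: the bucket listing succeeds,
    # enumerating all buckets (resource "*") does not.
    for action, res in [("s3:ListBucket", "arn:aws:s3:::cloudforcebucketnew"),
                        ("s3:GetObject", "arn:aws:s3:::cloudforcebucketnew/reports/q1.csv"),
                        ("s3:ListAllMyBuckets", "*"),
                        ("s3:GetObject", "arn:aws:s3:::someotherbucket/secret.txt")]:
        print(f"{action:22} {res:55} -> {is_allowed(PAGE_POLICY, action, res)}")
```

When the role is created through the console wizard with the EC2 use case, AWS also creates an instance profile with the same name; that profile is what "Modify IAM role" actually associates with the instance, and it is the reason the role appears in the drop-down at all.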
And that's how you can create an IAM role that lets your EC2 instance access an S3 bucket.