PH Software Engineer
This article assumes you have some familiarity with the AWS ecosystem.
When using the AWS CLI on an EC2 instance for accessing AWS resources like your S3 buckets, you might encounter a permission error and prompted to run
as shown here:
You can follow their instructions and simply populate the AWS Access Key Id and AWS Secret Key Id with your own credentials or from another IAM User’s credentials and that should work as it gives the instance proper permissions to your AWS resources:
However, that is misleading. For our local computers that’s how we configure the AWS CLI but for EC2 instances that is a bad way of configuring the cli and it is insecure.
1. Create an IAM Role.
2. Attach the minimum permissions to the IAM Role.
3. Add Tags to the IAM Role (Optional).
4. Finish creating the IAM Role.
5. Attaching the IAM Role to an EC2 instance.
1. Running AWS CLI command now returns the expected response, showing a list of s3 buckets:
2. Check EC2 access on resources it does not have permissions to access:
And so in this way we can see that the EC2 instance has now the minimum permissions we want without having to put in any AWS credentials.
Create your free account to unlock your custom reading experience.