Here’s the policy you need to attach to your instance’s IAM:
Announcement
You can find all my latest posts on medium.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*" ] } ] }
You can replace the ‘*’ above with more restrictive permissions (e.g. read only) where necessary. This approach means you don’t need to set up any kind of access keys.