Give EC2 instance access to a specific S3 bucket using IAM

Here’s the policy you need to attach to your instance’s IAM role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}

You can replace the ‘s3:*’ action above with more restrictive permissions (e.g. read only) where necessary. Because the instance gets its credentials from the attached role, this approach means you don’t need to set up any kind of access keys.
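
A read-only variant of the policy above, as an added example that is not part of the original post; bucket-name is the same placeholder and the Sid labels are made up for readability. It splits the statement in two because s3:ListBucket is a bucket-level action and must target the bucket ARN, while s3:GetObject is an object-level action and must target the objects under it.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListBucket",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bucket-name"
        },
        {
            "Sid": "ReadObjects",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket-name/*"
        }
    ]
}
```

With this policy attached, the instance can list and download objects in the bucket, but uploads, deletes and changes to the bucket's configuration are denied.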