S3 – Use IAM role to grant S3 access to EC2 instances

Not sure if this article works (at least it works without setting up any bucket policies). Need to investigate further.

I recently discovered that you don’t need to set up S3 bucket policies in order to give an EC2 instance access to an S3 bucket (or folder). Say you want to copy files to an S3 bucket from an EC2 instance:

$ aws s3 cp /path/to/testfile.txt s3://s3-bucketname/path/to/s3-bucket-folder

Then you need to do the following:

1. Attach an IAM role to your EC2 instance.
2. Create the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::s3-bucketname",
                "arn:aws:s3:::s3-bucketname/path/to/s3-bucket-folder"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:HeadBucket"
            ],
            "Resource": "*"
        }
    ]
}

3. Attach this policy to your IAM role.
4. You might need to reboot the EC2 instance for the changes to take effect.
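
A check on the policy from step 2, added here as an example (not part of the original post): IAM compares Resource ARNs as strings with `*` and `?` wildcards, so the second ARN covers only the object key `path/to/s3-bucket-folder` itself, not keys beneath it. The helper names (`wild_match`, `is_allowed`, `writable_keys`) and the sample keys are hypothetical, and the evaluation is simplified to Allow statements only.

```python
import json
import re

# The policy from step 2 of the post, embedded so the check runs offline.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::s3-bucketname",
                  "arn:aws:s3:::s3-bucketname/path/to/s3-bucket-folder"]},
    {"Sid": "VisualEditor1", "Effect": "Allow",
     "Action": ["s3:ListAllMyBuckets", "s3:HeadBucket"], "Resource": "*"}
  ]
}""")

def wild_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(regex, value, flags) is not None

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource_arn):
    """True if some Allow statement covers both the action and the resource.
    Simplified: ignores Deny, Condition, NotAction/NotResource and other policies."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if (any(wild_match(a, action, ignore_case=True) for a in as_list(stmt["Action"]))
                and any(wild_match(r, resource_arn) for r in as_list(stmt["Resource"]))):
            return True
    return False

def writable_keys(policy, bucket, keys):
    """Object keys for which s3:PutObject is allowed by the policy."""
    return [k for k in keys
            if is_allowed(policy, "s3:PutObject", f"arn:aws:s3:::{bucket}/{k}")]

# Constructed sample keys: the post's cp destination, then keys below and beside it.
SAMPLE_KEYS = ["path/to/s3-bucket-folder",
               "path/to/s3-bucket-folder/testfile.txt",
               "path/to/other.txt"]

if __name__ == "__main__":
    print(writable_keys(POLICY, "s3-bucketname", SAMPLE_KEYS))
```

To cover keys under the folder, the second ARN would need to end in `/*`; `s3:*` can likewise be narrowed to the specific actions the instance needs, such as `s3:PutObject` for uploads.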