ImPurshu

Reputation: 430

S3 authentication via EC2 without passing AWS Access Key & Secret key in code or storage

I am trying to access S3 buckets from an EC2 machine using the Python SDK (Boto). I know we can do it with IAM roles by using their access key and secret key. We can use them by hardcoding them in code or storing them in a config file on the EC2 local storage. I know we can create a policy and a role and assign them to the EC2 machine.

But is there any other way to access an S3 bucket, or any other AWS resource, without putting the access key and secret key in the Python program or on EC2 storage?

My aim is to access AWS resources from a Python program without using the access key and secret key, and to keep my access key and secret key secure.

Upvotes: 2

Views: 2025

Answers (1)

Gowtham Chand

Reputation: 903

Create an IAM role and attach the policy AmazonS3ReadOnlyAccess for listing the S3 buckets; for full access, attach AmazonS3FullAccess.

Since you want this operation to be done in EC2, in the trust relationship of the IAM role, give:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Refer: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

Upvotes: 5
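What the accepted answer leaves implicit is where the credentials come from once the role is attached: the instance metadata service (IMDS) hands the process short-lived STS credentials for the role, and boto3 reads them itself, so a plain `boto3.client("s3")` with no keys passed works. The following is an added example, not code from the question or the answer above. It uses only the standard library to fetch those credentials the way the SDK does (IMDSv2: a PUT for a session token, then GETs that carry it), so you can confirm a role is attached and see that nothing needs to be written to disk. The metadata host, paths and header names are the documented IMDSv2 ones; the role name, key values and expiry in the fake endpoint are constructed for offline use, and the `fetch` hook exists only so the code can run off an EC2 instance.

```python
"""Fetch EC2 instance-role credentials the way boto3 does (added example)."""
import json
import urllib.request
from typing import Callable, Dict, Optional

IMDS = "http://169.254.169.254"          # link-local metadata endpoint
TOKEN_PATH = "/latest/api/token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_TTL = "21600"                      # seconds; IMDSv2 allows 1..21600

# (method, path, headers) -> response body. Injectable so tests can run offline.
Fetcher = Callable[[str, str, Dict[str, str]], str]


def http_fetch(method: str, path: str, headers: Dict[str, str]) -> str:
    """Minimal HTTP helper against IMDS (short timeout: the host hangs off-EC2)."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def imds_session_token(fetch: Fetcher = http_fetch) -> str:
    """IMDSv2 step 1: a PUT with a TTL header returns a session token.
    Every later GET must present it, which defeats the classic SSRF trick
    of coaxing a web app into GET-ing the credentials URL."""
    return fetch("PUT", TOKEN_PATH,
                 {"X-aws-ec2-metadata-token-ttl-seconds": TOKEN_TTL})


def instance_role_credentials(fetch: Fetcher = http_fetch) -> Optional[dict]:
    """Return the temporary credentials of the attached instance role,
    or None if no instance profile is attached (empty role listing)."""
    hdr = {"X-aws-ec2-metadata-token": imds_session_token(fetch)}
    role_listing = fetch("GET", CREDS_PATH, hdr).strip()
    if not role_listing:
        return None
    role = role_listing.splitlines()[0]
    doc = json.loads(fetch("GET", CREDS_PATH + role, hdr))
    if doc.get("Code") != "Success":
        return None
    return {
        "role": role,
        "access_key": doc["AccessKeyId"],
        "secret_key": doc["SecretAccessKey"],
        "session_token": doc["Token"],     # STS token; the key pair is useless without it
        "expires": doc["Expiration"],      # AWS rotates them well before this time
    }


# --- Constructed fake IMDS so the example runs off an EC2 instance -----------
FAKE_TOKEN = "fake-imdsv2-token"
FAKE_ROLE = "s3-reader-role"               # hypothetical role name
FAKE_DOC = {                               # shape of the real document; values made up
    "Code": "Success", "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
    "SecretAccessKey": "exampleSecret",
    "Token": "exampleSessionToken",
    "Expiration": "2030-01-01T00:00:00Z",
}


def fake_fetch(method: str, path: str, headers: Dict[str, str]) -> str:
    """Behaves like an instance with http-tokens=required: no token, no data."""
    if method == "PUT" and path == TOKEN_PATH:
        return FAKE_TOKEN
    if headers.get("X-aws-ec2-metadata-token") != FAKE_TOKEN:
        raise PermissionError("401 Unauthorized: IMDSv2 token required")
    if path == CREDS_PATH:
        return FAKE_ROLE + "\n"
    if path == CREDS_PATH + FAKE_ROLE:
        return json.dumps(FAKE_DOC)
    raise FileNotFoundError(path)


def list_buckets_with_role():
    """What the role buys you in boto3: no keys in code, none on disk.
    boto3 walks the same IMDS endpoint itself when nothing else is configured."""
    import boto3  # only needed on the instance; not used by the offline test
    return [b["Name"] for b in boto3.client("s3").list_buckets()["Buckets"]]


if __name__ == "__main__":
    creds = instance_role_credentials()          # real IMDS on an EC2 instance
    if creds is None:
        print("no instance profile attached to this instance")
    else:
        print(f"role {creds['role']} creds valid until {creds['expires']}")
        print(list_buckets_with_role())
```

Two practitioner notes. First, boto3's provider chain checks explicit parameters, environment variables and `~/.aws/credentials` before IMDS, so a stale long-lived key left in any of those wins over the role; the point of the role is that none of them need to exist. Second, require IMDSv2 on the instance (`aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`) so an SSRF or a forgotten proxy cannot read the credentials URL with a bare GET, and prefer a policy scoped to the buckets and actions you actually need over `AmazonS3FullAccess`; the credentials are temporary, but an over-broad role is not.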
