S3 PutObject operation gives Access Denied with IAM Role containing Policy granting access to S3

Question

I have an IAM role with a custom policy attached to it allowing access to an S3 bucket we'll call foo-bar. I've tried granting access to that specific resource, with PutObject and a couple other actions. That IAM Role is attached to an EC2 instance yet that EC2 instance does not have access to upload files when I use aws s3 sync. s3://foo-bar.

To test if it was an issue with the policy, I just granted S3:* to * resources, and it still won't upload.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "cloudformation:ListExports", "s3:*" ], "Resource": "*" } ] }

The error I get at the CLI is:

upload failed: infrastructure\vpc.template to s3://foo-bar/infrastructure/vpc.template An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

Is there something else I need to do in order to give it access? Why isn't the Policy attached to the IAM Role working?

Answer 1

I tried running it with --debug to see what's going on. This helped me discover that I have a local .aws/credentials file which overrode the IAMRole attached to the machine.

If you need the credentials file - you can have a different profile [some name] and use --profile to choose it.

HTH.