sumanth shetty

Reputation: 2181

How to check if my EC2 has access to s3 bucket in same account?

I have an EC2 instance running Ubuntu 18.4 and an S3 bucket in the same region.

I want my EC2 instance to connect to S3. My S3 bucket is in its default state: I just created it and have uploaded a file into it. Currently, the access state is "Bucket and objects not public".

I created a role that holds the following policy (the outer braces were missing from the original paste):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::bucketname",
                "arn:aws:s3:::bucketname/*"
            ]
        }
    ]
}

I have attached the role to the EC2 instance.

I want to check whether my EC2 instance will be able to access the S3 bucket. How would I do that?

Also, my EC2 instance is a web server that will access buckets for images. Do I have to do anything else along with these steps?

Upvotes: 3

Views: 7026

Answers (3)

Himanshu Garg

Reputation: 1

In some cases sudo apt install -y awscli can throw space issues. Please check "Validate access to S3 buckets" on the official AWS page: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-instance-access-s3-bucket/

Upvotes: -1

Marcin

Reputation: 238497

Typically you could SSH into the instance, install awscli on Ubuntu and run aws s3 ls or a similar command against the bucket you want.

For example:

sudo apt install -y awscli

aws s3 ls s3://bucketname

My ec2 is a web server which will access buckets for images, do I have to do anything else along with these steps?

If your application uses AWS SDK, then you don't have to do anything. The SDK will get credentials from your instance role.

Also, a good practice is to follow the Grant Least Privilege rule. Thus, depending on your needs, you could limit your policy to only read operations or just the actions you need, instead of using '*' for everything.

Hope this helps.

Upvotes: 9
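To make the least-privilege point concrete, here is an added example (not code from any of the answers): a small checker that flags over-broad Allow statements in an IAM policy, run against a reconstructed copy of the question's policy, next to a read-only policy that is all a web server serving images needs. It also flags the service-wide s3:* form; "bucketname" is the placeholder from the question.

```python
import json


def read_only_policy(bucket: str) -> dict:
    """Minimal policy for a web server that lists and reads objects.

    `aws s3 ls s3://<bucket>` calls ListObjectsV2, which needs s3:ListBucket
    on the bucket ARN; fetching an image calls GetObject, which needs
    s3:GetObject on the object ARNs. Nothing else is granted.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def _as_list(value):
    # IAM allows a single string (or a single statement object) or a list.
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def lint_policy(policy: dict) -> list:
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append((i, "Action '*' covers every API of every service"))
            elif action.endswith(":*"):
                findings.append((i, f"{action} covers every API of the service"))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((i, "Resource '*' is not scoped to a bucket"))
    return findings


# Constructed copy of the question's policy (outer braces added).
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*",
                   "Resource": ["arn:aws:s3:::bucketname",
                                "arn:aws:s3:::bucketname/*"]}],
}

if __name__ == "__main__":
    for name, pol in (("question", QUESTION_POLICY),
                      ("read-only", read_only_policy("bucketname"))):
        print(name, lint_policy(pol) or "no findings")
    print(json.dumps(read_only_policy("bucketname"), indent=2))
```

The read-only policy is what you would attach to the instance role in place of the one in the question; re-run aws s3 ls s3://bucketname afterwards to confirm listing still works.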

Chris Williams

Reputation: 35238

As long as your S3 bucket does not have a bucket policy (which should not be there, as you created it in the default state).

You should set your policy to the following to limit its scope to S3:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucketname",
                "arn:aws:s3:::bucketname/*"
            ]
        }
    ]
}

If you have the AWS CLI installed on your server, you should be able to run an S3 CLI command such as aws s3 ls s3://bucketname. This should list all objects in the S3 bucket (including the file you uploaded).

Upvotes: 2
