Accessing S3 Bucket with IAM Role


What is IAM?

Identity and Access Management (IAM) is a web service that securely manages identities and access to AWS services and resources. With IAM you can control which users can access which AWS services: you choose who is authenticated (signed in) and who is authorized (has permissions) to access AWS resources. When you create an AWS account, the root user account is created, and it has complete access to all AWS services and resources. It is a best practice not to use the root user for every task; it is advisable to create IAM users and grant them permissions according to the needs of the organization.

There are two important types of policies:

Identity-based policies: These are attached to an IAM user, group, or role and specify which permissions that user, group, or role has. For example, you can attach a policy to the IAM user named Asma stating that she is allowed full access to Amazon EC2 instance actions.

Resource-based policies: These are attached to a resource. For example, you can attach resource-based policies to Amazon S3 buckets, Amazon SQS queues, VPC endpoints, etc. With resource-based policies, you can specify who has access to the resource and what actions they can perform on it.

In this tutorial we will learn how to access an Amazon S3 bucket from an EC2 instance using an IAM (Identity and Access Management) role, which involves several steps. IAM roles provide temporary security credentials that can be assumed by AWS services, such as EC2 instances, to access other AWS resources like S3 buckets without the need for long-term access keys.

Please go through my GitHub Repo link for the detailed steps.

https://github.com/Asma09Akram/Accessing-S3-with-IAM-Roles/tree/main

In the tutorial I followed the steps below to access the S3 bucket from the EC2 instance:

Prerequisites:

  - Create an empty S3 bucket in your AWS account.

  1. Created an IAM role, selecting "AWS service" as the type of trusted entity and "EC2" as the use case.

  2. Attached the "AmazonS3FullAccess" policy, which grants the necessary permissions for accessing S3.

  3. Next I created a new EC2 instance and, under Advanced, selected the EC2 role which I created in the 1st step.

  4. Then I connected to the EC2 instance and used the CLI to access the S3 bucket from EC2.

  5. I then created new files and moved those files from the EC2 instance to the S3 bucket.
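
The same steps expressed with the AWS CLI, as an added example that is not taken from the author's repository. It swaps AmazonS3FullAccess for an inline policy limited to a single bucket, a narrower grant that still covers listing and uploading; the role, profile, policy and bucket names are hypothetical placeholders, and launching the instance with the profile is left to the console as in step 3.

```bash
# Added example; ROLE_NAME, PROFILE_NAME, policy and bucket names are hypothetical.
ROLE_NAME="ec2-s3-demo-role"
PROFILE_NAME="ec2-s3-demo-profile"

# Trust policy: only the EC2 service may assume the role (step 1).
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Permissions scoped to one bucket ($1), instead of AmazonS3FullAccess (step 2).
bucket_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::${1}"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::${1}/*"}
  ]
}
EOF
}

# Admin workstation: create the role and the instance profile EC2 attaches (steps 1-3).
provision() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name "s3-${1}-rw" --policy-document "$(bucket_policy "$1")"
  aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
}

# On the instance: confirm role credentials are in use, then upload (steps 4-5).
verify_and_upload() {
  aws sts get-caller-identity --query Arn --output text  # an assumed-role ARN
  aws s3 cp "$2" "s3://${1}/"
}
```

Run `provision <bucket>` with administrator credentials, then `verify_and_upload <bucket> <file>` on the instance; no access keys need to be configured there because the CLI picks up the role's temporary credentials.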

Appreciate your time reading! If you learned something new, it would be fantastic to help others discover it. Feel free to share your insights and comments below; I'm eager to hear your thoughts!