stackoom
  简体   繁体   中英

AWS EC2 access to S3 with IAM role

 原文  2017-01-12 03:52:25       amazon-web-services/ amazon-s3/ amazon-ec2/ amazon-iam

Question

Scenario: I have an EC2 instance and a S3 bucket under the same account, and my web app on that EC2 wants access to resources in that bucket.

Following official docs, I created an IAM role with s3access and assigned it to the EC2 instance. To my understanding, now my web app should be able to access the bucket. However, after trials, seems I have to add a allowPublicRead bucket policy like this: 

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*"
        }
    ]
}

Otherwise I got access forbidden.

But why should I use this allowPublicRead bucket policy, since I already granted s3access IAM role to the EC2 instance?

1 answers

solution1
 2 ACCPTED  2017-01-12 04:10:24

S3 s3:GetObject只允许访问ec2实例中的对象,你想要的是从web-app访问这些对象,这意味着从你的浏览器,在这种情况下,这些图像/对象将呈现给用户浏览器,如果它面向公众的应用程序,您还需要分配AllowPublicRead权限。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS IAM Role in EC2 and access to S3 from JupyterHub AWS EC2 IAM role access denied on S3 AWS EC2 IAM role for S3 access not working Unable to access S3 file with IAM role from EC2 EC2 cannot access S3 object via IAM role AWS: Mounting S3 bucket to EC2 via s3fs (iam role) executes but does not work Can't access S3 bucket using IAM Role from an EC2 instance Cannot access s3 from application running on EKS EC2 instance, IAM assume role permissions issue Static content for AWS EC2 with IAM role AWS EC2 IAM Role Credentials
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM