Access denied to S3 bucket from ec2 docker container
Question
I have launched an EC2 instance which is needed to connect to s3 bucket. i created IAM role and linked it to EC2 instance. and from EC2 awscli i can list the files, however i deployed a container in that EC2 and when trying to list the file, I am getting the error -
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
IAM-Role
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::my-bucket/*",
]
}
]
}
Can somebody please suggest. why i can access the s3 from an ec2 instance but not from the container running on the same EC2 instance.
1 answers
solution1
1 2019-05-02 21:23:10
The ListBucket call is applied at the bucket level, so you need to add the bucket as a resource in your IAM policy (as written, you were just allowing access to the bucket's files):
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
]
See this for more information about the resource description needed for each permission.
The fact that you were able to get the bucket listing from a shell running on the EC2 instance indicates to me that you have another user configured. Look for files in $HOME/.aws and environment variables that start with AWS .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.