Updated: Oct 10
Learn to attach IAM roles to EC2 instances for S3 access.
Log in to the AWS Management Console. Search for the IAM service in the search bar provided on the page.
Click on Roles in the left navigation pane and click on Create Role.
A screen similar to the image given below will appear.
Select the first AWS service tile as shown below.
Click on EC2.
Click on Next: Permissions.
Next, attach permissions policies to the role.
Search for AmazonS3FullAccess and select the policy.
Click on Next.
Provide Name = EC2_S3_ROLE and click on Create role in the bottom right corner.
Provision Linux Instance. You may refer to our document for
After the instance is in the Running state, click on the Actions button. In the Security option, click on Modify IAM role.
Select the IAM role that was created previously in this document from the drop-down. In this case it is EC2-S3. Click on Update IAM role.
Connect to the instance. Type the following command in the terminal.
aws s3 mb s3://mysourcebucket6847
Using this command, a bucket will get created in the S3 service.
Navigate to the S3 service and ensure that your bucket has been created.
Go to EC2 Services and detach the role using the following steps. Go to Action -> Security -> Modify IAM role.
Select No IAM Role from the drop-down. Click on Update IAM role.
A pop-up window will appear confirming the detach role process. Enter ‘Detach’ in the field and click on Detach.
Go back to the Instance Connect window. Try creating a bucket with a different name.
An error occurs. This shows that an IAM role with the right permissions is required to access the S3 service.
Re-attach the role using the instructions from Step 8, and create that bucket using the same command.
The bucket is created. Confirm the same in the S3 service.
Further, if you don’t need this instance and role, make sure you terminate and delete them.
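The console steps above, expressed as AWS CLI calls (an added example, not part of the original document). By default it attaches AmazonS3FullAccess as the page does; with `apply scoped` it instead attaches an inline policy limited to buckets whose names start with a prefix. The instance ID placeholder, the inline policy name and the prefix scoping are assumptions.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the console walkthrough.
ROLE="EC2_S3_ROLE"                         # role name from the page
INSTANCE_ID="${INSTANCE_ID:-i-REPLACE_ME}" # placeholder, set to your instance
PREFIX="${PREFIX:-mysourcebucket}"         # assumption: bucket-name prefix

# Trust policy the console writes when you pick "AWS service" -> "EC2":
# it lets the EC2 service assume the role for the instance.
trust_policy() {
  cat <<'EOF'
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
EOF
}

# Narrower alternative to AmazonS3FullAccess: only buckets (and their
# objects) whose names start with the prefix passed as $1.
scoped_policy() {
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["s3:CreateBucket", "s3:ListBucket",
                           "s3:GetObject", "s3:PutObject"],
                "Resource": "arn:aws:s3:::${1}*"}]}
EOF
}

# apply full   -> managed policy, as in the page
# apply scoped -> inline policy from scoped_policy
apply() {
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy)"
  if [ "$1" = "scoped" ]; then
    aws iam put-role-policy --role-name "$ROLE" --policy-name s3-prefix-only \
      --policy-document "$(scoped_policy "$PREFIX")"
  else
    aws iam attach-role-policy --role-name "$ROLE" \
      --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
  fi
  # The console creates this instance profile for you; the CLI does not.
  aws iam create-instance-profile --instance-profile-name "$ROLE"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE" \
    --role-name "$ROLE"
  aws ec2 associate-iam-instance-profile --instance-id "$INSTANCE_ID" \
    --iam-instance-profile "Name=$ROLE"
}

if [ "${1:-}" = "apply" ]; then apply "${2:-full}"; fi
```

On the instance, `aws sts get-caller-identity` reports the assumed-role ARN while the role is attached, which is a quick way to confirm the attach and detach steps took effect.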