AWS S3 Bucket Access from EC2
Overview
AWS S3 (Simple Storage Service) is a highly secure, durable, and scalable object storage service provided by Amazon Web Services (AWS). It's frequently used for data storage, ranging from basic backups to large-scale data lakes. When running tasks on Amazon EC2 instances, it might become necessary to interact with S3 buckets — for example, reading from or writing to a bucket.
This article will guide you through the necessary steps to enable your EC2 instances to access S3 buckets, highlighting various methods, their configurations, best practices, and security considerations.
Basic Concepts
Understanding a few basic AWS concepts is crucial before moving forward:
- IAM (Identity and Access Management): IAM is used for managing access to AWS services and resources securely.
- IAM Role: An IAM role is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.
- IAM Policy: A JSON document defining permissions to determine who can do what on an AWS resource.
Accessing S3 Buckets
There are multiple approaches to allow an EC2 instance access to an S3 bucket:
- IAM Roles with S3 Bucket Policies: Assigning an IAM role with a defined policy directly linked to your EC2 instance.
- Access Keys: Using AWS SDKs or CLI by manually configuring access keys and secret keys.
Method 1: IAM Roles with S3 Bucket Policies
This is the recommended approach: the instance obtains temporary credentials through its instance profile, which AWS rotates automatically, so no long-lived secret has to be stored on the machine.
- Create an IAM Role for EC2 with S3 Access:
  - Navigate to the IAM console.
  - Select `Roles` and click on `Create Role`.
  - Choose `AWS Service` as the type of trusted entity, then choose `EC2`.
  - Attach a policy granting the necessary S3 permissions (e.g., `AmazonS3ReadOnlyAccess` for read-only access; note that this managed policy grants read access to every bucket in the account, so a policy scoped to the specific bucket is preferable).
- Modify the S3 Bucket Policy (if necessary): attach a bucket policy to the S3 bucket that allows the IAM role access.
- Attach the role to the instance: when launching an EC2 instance, in the `Configure Instance` details step, apply the IAM role you created.
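The three policy documents that Method 1 relies on, as an added example that is not part of the original article: the trust policy the console creates for an EC2-assumable role, a read-only permission policy scoped to one bucket and key prefix (in place of the account-wide `AmazonS3ReadOnlyAccess`), and the matching bucket policy that names the role as its only principal. A small linter flags the over-broad grants a reviewer would reject before anything is attached. The account id, role name, bucket name and prefix are constructed placeholders, not values from the article.

```python
"""Generate and lint the policy documents behind an EC2 -> S3 IAM role."""
from __future__ import annotations

import json

# Constructed placeholder values (assumptions, not from the article); replace with your own.
ACCOUNT_ID = "111122223333"    # hypothetical AWS account id
ROLE_NAME = "ec2-s3-reader"    # hypothetical role name
BUCKET = "example-app-data"    # hypothetical bucket name
PREFIX = "reports/"            # only keys under this prefix are readable
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/{ROLE_NAME}"


def _as_list(value) -> list:
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def trust_policy() -> dict:
    """Trust policy letting the EC2 service assume the role; this is what the
    console produces when you pick 'AWS Service' -> 'EC2' as the trusted entity."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def permission_policy(bucket: str, prefix: str = "") -> dict:
    """Identity policy for the role: read-only, scoped to one bucket and prefix."""
    list_stmt = {
        "Sid": "ListPrefix",
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": f"arn:aws:s3:::{bucket}",  # ListBucket is authorised on the bucket ARN
    }
    if prefix:
        # s3:prefix is the ListBucket condition key; limit listing to the prefix
        list_stmt["Condition"] = {"StringLike": {"s3:prefix": [f"{prefix}*"]}}
    get_stmt = {
        "Sid": "ReadObjects",
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",  # GetObject is authorised on object ARNs
    }
    return {"Version": "2012-10-17", "Statement": [list_stmt, get_stmt]}


def bucket_policy(bucket: str, role_arn: str, prefix: str = "") -> dict:
    """Resource policy on the bucket naming the role as the only allowed principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "RoleCanList", "Effect": "Allow", "Principal": {"AWS": role_arn},
             "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "RoleCanRead", "Effect": "Allow", "Principal": {"AWS": role_arn},
             "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"},
        ],
    }


def findings(policy: dict) -> list[str]:
    """Flag grants a reviewer would reject in a read-only EC2 -> S3 policy."""
    out: list[str] = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        principal = stmt.get("Principal")
        if any(a == "*" or a.endswith(":*") for a in actions):
            out.append(f"statement {i}: wildcard action {actions}")
        if "*" in resources:
            out.append(f"statement {i}: wildcard resource (all buckets and objects)")
        if principal == "*" or principal == {"AWS": "*"}:
            out.append(f"statement {i}: anonymous principal (bucket would be public)")
        if any(a.startswith(("s3:Put", "s3:Delete")) for a in actions):
            out.append(f"statement {i}: write/delete action in a read-only role")
    return out


def documents() -> dict[str, str]:
    """Render the three files you would pass to the AWS CLI as file://<name>."""
    return {
        "trust.json": json.dumps(trust_policy(), indent=2),
        "permissions.json": json.dumps(permission_policy(BUCKET, PREFIX), indent=2),
        "bucket-policy.json": json.dumps(bucket_policy(BUCKET, ROLE_ARN, PREFIX), indent=2),
    }


if __name__ == "__main__":
    for name, body in documents().items():
        print(f"--- {name}\n{body}")
    # Constructed example of the shape to avoid: every S3 read action on every resource.
    broad = {"Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}
    print("findings on broad policy:", findings(broad))
```

Running the script writes nothing to AWS; it only prints the documents. To apply them with the CLI you would use `aws iam create-role --role-name ec2-s3-reader --assume-role-policy-document file://trust.json`, `aws iam put-role-policy --role-name ec2-s3-reader --policy-name s3-read --policy-document file://permissions.json`, `aws iam create-instance-profile` plus `aws iam add-role-to-instance-profile` to make the role attachable to an instance, and `aws s3api put-bucket-policy --bucket example-app-data --policy file://bucket-policy.json`. Two caveats worth knowing: for a role in the same account as the bucket, the identity policy alone already grants access, so the bucket policy is the optional belt-and-braces step the article calls "if necessary"; and if the role is ever deleted, AWS rewrites the role ARN in the bucket policy to the deleted role's unique id, so recreating a role with the same name does not restore access until the bucket policy is updated again.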
Method 2: Access Keys
This method stores long-lived credentials on the instance, so it offers less protection than an IAM role; use it only where Method 1 is not possible.
- From the IAM console, select `Users`, choose your user, and under `Security credentials`, create access keys.
- Use the AWS CLI to set up the credentials by running `aws configure`.
- Input the access key ID and secret access key when prompted.