Explore Courses Blog Tutorials Interview Questions
0 votes
in AWS by (19.1k points)

I created my file and uploaded it during the creation of my Beanstalk (docker) environment. I also uploaded the .dockercfg file created by the "docker login" command into the S3 bucket specified in the configuration.

However, when I attempt to start-up the environment I receive the error (bottom of post) stating that the EC2 instance doesn't have access to the .dockercfg file in the bucket. How do I make sure the beanstalk application can access the config json file in the provided S3 bucket?

i-64c62de7  Severe  1 day   -   -   -   -   -   -   -   -   -   -   0.00    0.01    0.3 0.0 0.0 99.6    0.1

    Application deployment failed at 2016-02-27T04:30:54Z with exit status 1 and error: Hook /opt/elasticbeanstalk/hooks/appdeploy/pre/ failed.

Traceback (most recent call last):

File "/opt/elasticbeanstalk/containerfiles/support/", line 18, in 

download_auth(argv[1], argv[2], get_instance_identity()['document']['region'])

File "/opt/elasticbeanstalk/containerfiles/support/", line 15, in download_auth


File "/usr/lib/python2.7/dist-packages/boto/s3/", line 1712, in get_contents_to_filename


File "/usr/lib/python2.7/dist-packages/boto/s3/", line 1650, in get_contents_to_file


File "/usr/lib/python2.7/dist-packages/boto/s3/", line 1482, in get_file


File "/usr/lib/python2.7/dist-packages/boto/s3/", line 1514, in _get_file_internal


File "/usr/lib/python2.7/dist-packages/boto/s3/", line 343, in open


File "/usr/lib/python2.7/dist-packages/boto/s3/", line 303, in open_read

self.resp.reason, body)

boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden

<?xml version="1.0" encoding="UTF-8"?>

AccessDeniedAccess Denied910AD275D3E3110A682j0cjMsfurjyy/PGT3W9wRxI+4sh+rrESuw2WpInERcn4p4f9XGwBFdpBmDYQc

Failed to download authentication credentials dockercfg from my-s3-bucket.

1 Answer

0 votes
by (44.4k points)
edited by

The IAM role should be created as such it can access your bucket and key, something like this:


    "Version": "2012-10-17",

    "Statement": [


            "Sid": "BucketAccess",

            "Effect": "Allow",

            "Action": [




            "Resource": [





            "Sid": "S3ObjectAccess",

            "Effect": "Allow",

            "Action": [




            "Resource": [






If you are not doing this, you should be pointing to an IAM from your .ebextensions rather than allowing EB to be creating its own, so you can control this

- namespace: aws:autoscaling:launchconfiguration

  option_name: IamInstanceProfile

  value: arn:aws:iam::xxxxxxxxx:instance-profile/yourRole

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

Welcome to Intellipaat Community. Get your technical queries answered by top developers!

30.7k questions

32.8k answers


109k users

Browse Categories