
How do I utilize temporary AWS credentials in a launched EC2 instance? I can't seem to get an extremely simple POC running.

Desired:

  • Launch an EC2 instance
  • SSH in
  • Pull a piece of static content from a private S3 bucket

Steps:

  • Create an IAM role
  • Spin up a new EC2 instance with the above IAM role specified; SSH in
  • Set the credentials using aws configure and the details that (successfully) populated in http://169.254.169.254/latest/meta-data/iam/security-credentials/iam-role-name
  • Attempt to use the AWS CLI directly to access the file

IAM role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::bucket-name/file.png"
    }
  ]
}

When I use the AWS CLI to access the file, this error is thrown:

A client error (Forbidden) occurred when calling the HeadObject operation: Forbidden

Completed 1 part(s) with ... file(s) remaining

Which step did I miss?

1 Answer

0 votes
by (44.4k points)

Instead of using aws configure and then autocompleting the parameters, do this manually with a --region tag.

aws s3 cp s3://bucket-name/file.png file.png --region us-east-1
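
An added example (not from the original question or answer): a Python check of a credentials file that was filled in from the instance metadata document, as in step 3 of the question. It relies on two facts outside the page, that `aws configure` prompts for no session token and that temporary (STS) key IDs begin with `ASIA`; the sample file, the sample metadata document and the name `audit_profile` are constructed for illustration.

```python
import configparser
import json
from datetime import datetime, timezone

# Constructed sample of the JSON served at
# /latest/meta-data/iam/security-credentials/<role-name>; all values are fake.
SAMPLE_METADATA = """{
  "Code": "Success",
  "LastUpdated": "2024-01-01T00:00:00Z",
  "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
  "SecretAccessKey": "constructed-secret",
  "Token": "constructed-session-token",
  "Expiration": "2024-01-01T06:00:00Z"
}"""

# Constructed ~/.aws/credentials as left by `aws configure`, which asks
# for the key id and secret key but never for a session token.
SAMPLE_CREDENTIALS = """[default]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret
"""

def audit_profile(credentials_text, metadata_json, now, profile="default"):
    """List the problems with a profile that holds copied role credentials."""
    problems = []
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(credentials_text)
    if not cfg.has_section(profile):
        return problems  # nothing stored in this profile, nothing to audit
    section = cfg[profile]
    key_id = section.get("aws_access_key_id", "")
    # ASIA-prefixed key ids are temporary and are only valid with their token.
    if key_id.startswith("ASIA") and not section.get("aws_session_token"):
        problems.append("temporary key stored without aws_session_token")
    meta = json.loads(metadata_json)
    if meta.get("Code") != "Success":
        problems.append("metadata document reports Code=%s" % meta.get("Code"))
    if key_id and key_id != meta.get("AccessKeyId"):
        problems.append("stored key differs from the role's current key")
    expires = datetime.strptime(
        meta["Expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    if key_id == meta.get("AccessKeyId") and now >= expires:
        problems.append("stored key expired at " + meta["Expiration"])
    return problems
```

An empty result for a profile that does not exist means no copied keys are stored there, which is the state in which the AWS CLI's default credential chain can reach the instance role by itself.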
