How can I access an Amazon S3 bucket from an application running on an Elastic Beanstalk instance?

3 minute read
0

I want to access an Amazon Simple Storage Service (Amazon S3) bucket from an application running on an AWS Elastic Beanstalk instance.

Short description

To access an S3 bucket from Elastic Beanstalk, verify that your AWS Identity and Access Management (IAM) instance profile is attached to an Amazon Elastic Compute Cloud (Amazon EC2) instance. The instance must have the correct permissions for Amazon S3. Then, confirm that your S3 bucket policy doesn't deny access to the role attached to your instance profile.

Resolution

Validate permissions for your instance profile

  1. Open the Elastic Beanstalk console.
  2. Select your environment.
  3. From the navigation menu, choose Configuration.
  4. In the Configuration overview section, from the Category column, for Security, choose Modify.
  5. From the IAM instance profile menu, note the name of your instance profile.
  6. Open the IAM console.
  7. In the navigation pane, choose Roles.
  8. In the search box, enter the name of your instance profile from step 5.
  9. Verify that the role from step 8 has the required Amazon S3 permissions for the bucket that you want to access. For more information, see Identity and access management for Amazon S3 and Actions, resources, and condition keys for Amazon S3.

Validate permissions for your S3 bucket

  1. Open the Amazon S3 console.
  2. From the list of buckets, choose the bucket with the bucket policy that you want to change.
  3. Choose the Permissions tab.
  4. Choose Bucket Policy.
  5. Search for "Effect": "Deny" statements.
  6. In your bucket policy, edit or remove any "Effect": "Deny" statements that are denying the IAM instance profile access to your role. For more information, see Adding a bucket policy by using the Amazon S3 console.
    Note: Be careful not to remove any necessary deny statements to align to the security best practice of principle of least privilege. For more information, see Amazon S3 security.

Access your S3 bucket

You can now access your S3 bucket, and then use your S3 bucket to complete the following tasks:

Related information

Buckets overview

Elastic Beanstalk instance profile

Examples of Amazon S3 bucket policies

Storing private keys securely in Amazon S3

AWS OFFICIAL
AWS OFFICIALUpdated 3 months ago