- Newest
- Most votes
- Most comments
This is weird because I assigned the "AmazonS3FullAccess" permission to the account I'm using to deploy nodeJS on Elastic Beanstalk.
The EC2 instance needs to have an IAM role associated with it that grants AmazonS3FullAccess. Deploying the stack with an account that has that permission doesn't mean that the resources that are deployed will inherit the privileges of that account.
In IAM, create a role to be used by an AWS service and select EC2 as that service, then attach the AmazonS3FullAccess policy to this new role.
That's the condensed version, full details are at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html and https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
I'm not certain this will solve your 502 error (although it might, depending on how your app works) but it should help with the [ERROR] Failed to list S3 bucket
.
Thank you for the reply!
I just tried to deploy a sample NodeJS application on Elastic Beanstalk just right now, and the result was that...... it succeeded! I no longer get the "Severe" healthcheck status, but instead, I get an "OK" status, and I'm able to browse to the app domain URL without any issues.
Reading your reply, I went ahead and turned my attention to recreate the "aws-elasticbeanstalk-ec2-role" that we need for using Elastic Beanstalk. I think I had 5 permissions in there initially, and my hunch is that the "service" field in the trust entities config wasn't set to "ec2.amazonaws.com", but might've been set to something else like "elasticbeanstalk.amazonaws.com". What I ended up doing was selecting "AWSElasticBeanstalkMulticontainerDocker", "AWSElasticBeanstalkWebTier", and "AWSElasticBeanstalkWorkerTier" as the permissions, and set the service to correspond to "ec2.amazonaws.com", and created the "aws-elasticbeanstalk-ec2-role" role. For anyone else reading, I used these instructions to accomplish this - https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html
It seems my particular issue boiled down to improper configuration / creation of the "aws-elasticbeanstalk-ec2-role" role that we need to use Elastic Beanstalk.
Thank you again for the reply!
Relevant content
- Accepted Answerasked 6 months ago
- AWS OFFICIALUpdated 22 days ago
- How do I mount an Amazon EFS volume to an application directory in an Elastic Beanstalk environment?AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 9 months ago
Thank you for the reply!
I just tried to deploy a sample NodeJS application on Elastic Beanstalk just right now, and the result was that...... it succeeded! I no longer get the "Severe" healthcheck status, but instead, I get an "OK" status, and I'm able to browse to the app domain URL without any issues.
Reading your reply, I went ahead and turned my attention to recreate the "aws-elasticbeanstalk-ec2-role" that we need for using Elastic Beanstalk. I think I had 5 permissions in there initially, and my hunch is that the "service" field in the trust entities config wasn't set to "ec2.amazonaws.com", but might've been set to something else like "elasticbeanstalk.amazonaws.com". What I ended up doing was selecting "AWSElasticBeanstalkMulticontainerDocker", "AWSElasticBeanstalkWebTier", and "AWSElasticBeanstalkWorkerTier" as the permissions, and set the service to correspond to "ec2.amazonaws.com", and created the "aws-elasticbeanstalk-ec2-role" role.
It seems my issue boiled down to improper configuration / creation of the "aws-elasticbeanstalk-ec2-role" role that we need to use Elastic Beanstalk.
Thank you again for the reply!