
I've created a role to grant full access to S3 from an EC2 instance. This is working ok, every time I create a new EC2 instance and attach this role it has full access to all my buckets on S3. I feel this is quite insecure, so my question is: is it possible to create a role or something similar to grant EC2 instances full access to specific buckets on S3 and not to all of them? Thanks!

This is the role I have right now:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
NeoSennin

1 Answer


Already answered by me HERE

You can try this policy to give full access to a particular bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "s3:*",
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::<BUCKETNAME>",
                "arn:aws:s3:::<BUCKETNAME>/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        }
    ]
}
Varun Chandak
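An added example, not part of the original question or answer: a simplified policy evaluator that compares the wildcard role with bucket-scoped policies, and shows why bucket-level actions such as `s3:ListBucket` need the bucket ARN in addition to the `/*` object ARN. The bucket names and helper functions are assumptions made up for the illustration, and the evaluator ignores `Condition`, `NotAction` and `NotResource`.

```python
import re

BUCKET = "arn:aws:s3:::example-bucket"   # placeholder bucket, constructed for this example
OTHER = "arn:aws:s3:::other-bucket"      # a second bucket the instance should not reach

def stmt(action, resource, effect="Allow"):
    return {"Effect": effect, "Action": action, "Resource": resource}

WIDE = {"Version": "2012-10-17", "Statement": [stmt("s3:*", "*")]}
OBJECTS_ONLY = {"Version": "2012-10-17", "Statement": [stmt("s3:*", [BUCKET + "/*"])]}
SCOPED = {"Version": "2012-10-17", "Statement": [stmt("s3:*", [BUCKET, BUCKET + "/*"])]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.S) is not None

def allows(policy, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins, otherwise
    any matching Allow grants. Condition, NotAction, NotResource are ignored."""
    allowed = False
    for s in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        hit = (any(_glob(a, action, re.I) for a in _as_list(s["Action"]))
               and any(_glob(r, resource) for r in _as_list(s["Resource"])))
        if hit and s["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

# Requests an instance might make: (action, ARN the action is checked against)
REQUESTS = [
    ("s3:ListBucket", BUCKET),                # bucket-level action
    ("s3:GetObject", BUCKET + "/app.log"),    # object-level action
    ("s3:GetObject", OTHER + "/secret.txt"),  # object in a different bucket
]

def report(policy):
    return [allows(policy, a, r) for a, r in REQUESTS]

if __name__ == "__main__":
    for name, pol in [("wide", WIDE), ("objects-only", OBJECTS_ONLY), ("scoped", SCOPED)]:
        print(name, report(pol))
```

For a check against the real IAM evaluation logic, including conditions and other policy types, the IAM policy simulator can be run against the role.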