Download an object from S3 in a run document


We have a role attached to a managed instance for ssm. It has rights to a private S3 bucket and it's contents.

Do I have to do anything special in order to download a file using it's S3 url? Do I have to state in the run document to assume the role, or is it already implied?

asked 5 years ago1136 views
1 Answer

Figured this out. The managed instance had the correct role, I just needed to install the awscli tools first, set the path so that powershell could use them, then issue the standard aws s3 cp command.

Part of my run document looks like this. I'm using chocolatey to get the awscli tools installed.
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString(''))
choco install awscli -y
setx PATH "%PATH%;C:\Program Files\Amazon\AWSCLI"
aws s3 cp s3://yadayadayada c:\
then a line to remove the cli tool when done
choco uninstall awscli -y

Too bad the ssm agent doesn't come with aws tools already installed for this kind of stuff, but that's ok.

Edited by: kleinberger on Feb 13, 2019 2:13 PM

answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions