1 Answer
0
Hello,
Can you try the below:
- Assign an S3 bucket policy, like the example policy below, that allows the EC2 instance to write.
- If you already have a role assigned to EC2, then you can use the same in the policy; else create a new assume role for EC2, assign that role to EC2, and use that role ARN in the policy below.
- The second statement in the policy is basically a best practice to allow only HTTPS (not related to the error you are facing).
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:role/role_that_is_assigned_to_ec2"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    },
    {
      "Sid": "RestrictToTLSRequestsOnly",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
answered a year ago
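How the two statements in the answer's policy interact, as an added example that is not part of the original answer and not AWS's evaluation engine: a simplified offline evaluator in which an explicit Deny beats any Allow. It assumes only this bucket policy applies (no identity policies, ACLs or other condition keys), compares the principal by exact string, and uses a constructed object key.

```python
import fnmatch

# Constructed copy of the answer's policy; account ID, role and bucket names are its placeholders.
ROLE = "arn:aws:iam::123456789:role/role_that_is_assigned_to_ec2"
BUCKET = "arn:aws:s3:::bucket-name"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": ROLE},
         "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
         "Resource": [BUCKET, BUCKET + "/*"]},
        {"Sid": "RestrictToTLSRequestsOnly", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal, action, resource, secure_transport):
    p = stmt["Principal"]
    principals = ["*"] if p == "*" else _as_list(p.get("AWS", []))
    if "*" not in principals and principal not in principals:
        return False
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    # Only the Bool / aws:SecureTransport condition from the answer is modelled.
    want = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
    return want is None or want == str(secure_transport).lower()

def evaluate(policy, principal, action, resource, secure_transport=True):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    effects = [s["Effect"] for s in policy["Statement"]
               if _matches(s, principal, action, resource, secure_transport)]
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    key = BUCKET + "/logs/app.log"  # constructed object key
    print(evaluate(POLICY, ROLE, "s3:PutObject", key))         # write over HTTPS
    print(evaluate(POLICY, ROLE, "s3:PutObject", key, False))  # same write over HTTP
```
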
Have you associated an IAM role to the ec2 instance allowing PutObject permission on the bucket?