4
votes

I am very new to AWS. I created an IAM role which has full access to S3. I assigned this role to a Windows Server EC2 instance. I then installed the CLI on that instance. I then remoted into that instance using RDP, started a CMD window, and typed in

aws s3 ls

It complained that

Unable to locate credentials. You can configure credentials by running "aws configure".

Now that this EC2 has been assigned the role that has full access to S3, why can't I directly access S3?

3
You have done everything correctly, so the result is strange. Does the role name appear if you use a web browser on that EC2 instance to go to http://169.254.169.254/latest/meta-data/iam/security-credentials/? If so, append the role name to that URL and confirm whether security credentials are shown (e.g. Access Key & Secret Key). - John Rotenstein
The request timed out every time - Silly Dude
The metadata URL timed out? Do you get anything if you open http://169.254.169.254/latest/meta-data/ in a browser on the EC2 instance? It's starting to sound like the IAM Role is not attached to the instance. - John Rotenstein
No I got nothing from the browser within the EC2 instance - it timed out. - Silly Dude
I double checked the IAM role attached to the EC2: it has AmazonS3FullAccess and AdministratorAccess. - Silly Dude

3 Answers

4
votes

To use AWS CLI with IAM Roles, you create a named profile. Instead of configuring this profile with credentials, you specify the ARN of the role and the name of the profile that has access to it.

2
votes

Thank you John Rotenstein for your help. You pointed me in the right direction. I created a new instance from scratch, and everything worked. On the previous instance I had installed IIS and ASP.NET. Could that possibly be the reason?

1
votes

I stumbled across this post. The reason you get this message is what @John Rotenstein stated: the server can't reach the metadata.

Running aws config list will show that you do not have any credentials, as the message states. This means that the server can't reach the following:

# 169.254.169.254 is for metadata service
# 169.254.169.250 is for KmsInstanceVpc1
# 169.254.169.251 is for KmsInstanceVpc2

To fix this, it is best to just remove the routes and add them again.

"169.254.169.254/32", "169.254.169.253/32", "169.254.169.251/32", "169.254.169.250/32", "169.254.169.249/32", "169.254.169.123/32"

Running aws config list again will show that the credentials have been added.

I find that the btuanexpress.net script to fix this issue within Windows helps.
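The diagnosis in this thread (no route to 169.254.169.254, so the instance cannot fetch its instance-profile credentials) can be checked on the instance itself with the PowerShell below, an added example not taken from any of the answers or from AWS. It assumes Windows Server 2012 or later (for Get-NetRoute and Invoke-RestMethod) and uses the IMDSv2 token flow, so it also works where IMDSv1 has been disabled.

```powershell
# Added diagnostic (not from the original answers): verify that a Windows EC2
# instance can reach the Instance Metadata Service (IMDS) and has an IAM role attached.
$Imds = '169.254.169.254'

# 1. Is there a host route to the link-local metadata address at all?
$Route = Get-NetRoute -DestinationPrefix "$Imds/32" -ErrorAction SilentlyContinue
if (-not $Route) {
    Write-Warning "No route to $Imds/32 - IMDS is unreachable, so role credentials cannot be obtained."
} else {
    $Route | Select-Object DestinationPrefix, InterfaceAlias, NextHop
}

# 2. Obtain an IMDSv2 session token (HTTP PUT with a short TTL). The default hop
#    limit of 1 means this only succeeds when run directly on the instance.
try {
    $Token = Invoke-RestMethod -Method Put -Uri "http://$Imds/latest/api/token" `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' } -TimeoutSec 3
} catch {
    Write-Warning "IMDS did not answer: $($_.Exception.Message)"
    return
}
$Hdr = @{ 'X-aws-ec2-metadata-token' = $Token }

# 3. Is an instance profile attached? This path lists the role name and returns
#    404 when no profile is associated with the instance.
try {
    $RoleName = Invoke-RestMethod -Uri "http://$Imds/latest/meta-data/iam/security-credentials/" `
        -Headers $Hdr -TimeoutSec 3
    Write-Output "Instance profile role: $RoleName"
} catch {
    Write-Warning "No IAM instance profile is attached to this instance."
    return
}

# 4. Confirm credentials are being issued, printing only non-secret fields
#    (Code/Type/LastUpdated/Expiration), never the AccessKeyId or SecretAccessKey.
$Creds = Invoke-RestMethod -Uri "http://$Imds/latest/meta-data/iam/security-credentials/$RoleName" `
    -Headers $Hdr -TimeoutSec 3
$Creds | Select-Object Code, Type, LastUpdated, Expiration
```

If step 1 reports no route while steps 2 to 4 would otherwise succeed on a fresh instance, the route table is the problem rather than the role; if step 3 fails with a 404, the role is not attached to the instance.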