I am unable to create bucket on S3 from EC2,also unable to access/upload files into S3 bucket from EC2

0
votes

When I am trying to access S3 service from EC2 , getting Access Denied errors for different operations like create bucket, list bucket, list objects etc. I have not changed the unix user password. Even with the root user, I am unable to access the S3 service.

1] Command - aws s3 ls

Error : An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

2] Command - aws s3 ls htcdsb-dev

Error : An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

Above errors are getting for normal unix user. For the root user below errors are getting generated.

1] Command - aws s3 ls

Error : An error occurred (AuthorizationHeaderMalformed) when calling the ListBuckets operation: The authorization header is malformed; the authorization component "Credential=AWSAccessKeyId=A******************Q/20171122/us-east-1/s3/aws4_request" is malformed

(I have purposely put asterisk(*) here to hide my access key). Except S3, I am able to access other services like IAM and AWS Glue.

I am unable to understand why the issue is occurring. Also I am unable to understand the link the between the Unix user and the AWS S3 operations.

I have created IAM role, also run AWS configure and Reboot EC2 instance but also having same issue.

IAM Role:

 HT_EC2_User

Content of AWS config file:

 cat .aws/config
 [default]
 region = us-east-1
 output = None
2
amazon-web-servicesamazon-s3amazon-ec2
Do you ( your IAM User) have access to S3 that would be my first question ?Kush Vyas
To access AWS service, you need AWS user's credentials. To specify AWS credentials, run aws configure (these are saved separately per unix user). (Also, that one AWS user may not have permissions to access the specific bucket(s))Dusan Bajic
Did you check right IAM policies are attached to AWS user? Do S3 bucket have any custom policies?niteshd22
Please read Under what circumstances may I add “urgent” or other similar phrases to my question, in order to obtain faster answers? - the summary is that this is not an ideal way to address volunteers, and is probably counterproductive to obtaining answers. Please refrain from adding this to your questions.halfer
Can you please verify which AWS CLI version you are running (latest is aws-cli/1.12.0) and if required upgrade the CLI version?sudo

2 Answers

1
votes

Most likely, your user and root user has different credentials configured. Can you run aws configure while logged in as the user (not superuser/root) and configure the CLI with access keys? The malformed request could happen for several reasons, could you verify the content of .aws/config file?

0
votes

Access from EC2 to S3 is controlled by your IAM role that you assign to your EC2. Make sure that the corresponding IAM role has proper permissions to access the S3 bucket

Following is a sample permission snippet that you can add to your EC2 IAM Role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:List*",
                "s3:Get*"
            ],
            "Resource": [
                "arn:aws:s3:::MyS3BucketName/*",
                "arn:aws:s3:::MyS3BucketName"
            ],
            "Effect": "Allow"
        }
    ]
}