Access denied to S3 bucket from ec2 docker container

1
votes

I have launched an EC2 instance which is needed to connect to s3 bucket. i created IAM role and linked it to EC2 instance. and from EC2 awscli i can list the files, however i deployed a container in that EC2 and when trying to list the file, I am getting the error - 

An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

IAM-Role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/*",
            ]
        }
    ]
}

Can somebody please suggest. why i can access the s3 from an ec2 instance but not from the container running on the same EC2 instance.

1
amazon-web-servicesdockeramazon-ec2amazon-iam
Possible duplicate of Access AWS S3 bucket from a container on a serverJack Marchetti
My issue is little different. the solution given for the given issue is to create and attach the IAM role to the EC2 instance, which i already did and tested. The s3 list is working from the EC2. but not from container running on it.danD

1 Answers

1
votes

The ListBucket call is applied at the bucket level, so you need to add the bucket as a resource in your IAM policy (as written, you were just allowing access to the bucket's files):

"Resource": [
    "arn:aws:s3:::my-bucket",
    "arn:aws:s3:::my-bucket/*"
]

See this for more information about the resource description needed for each permission.

The fact that you were able to get the bucket listing from a shell running on the EC2 instance indicates to me that you have another user configured. Look for files in $HOME/.aws and environment variables that start with AWS.