Interact with S3 via AWS CLI
Now, for our private EC2 instance to interact with the S3 bucket, we need to modify the IAM role attached to it.
- Access the EC2 interface:
  - Click on Instances
  - Choose EC2 Private
  - Click on Actions
  - Click on Security
  - Click on Modify IAM role
- In the Modify IAM role interface:
  - On the search bar, choose EC2FullAccessS3
  - Click on Update IAM role
- After modifying the IAM role, enter aws s3 ls and see the result.
- We still encounter the error Unable to locate credentials.
  - This could be due to our private EC2 not having internet access, making it unable to determine which endpoint to go through.
- There are two ways we can address this issue.
- Enter aws configure
  - Default region name: type ap-southeast-1
  - Here, ap-southeast-1 is the region of the endpoint we created. We specify it because the private EC2 doesn't have internet connectivity and therefore cannot determine which endpoint to pass through.
- Then type aws s3 ls to see the result.
- Now, we can see our bucket bucket-workshop.
- Alternatively, we use the command aws s3 ls --region ap-southeast-1. Here, --region ap-southeast-1 also specifies the endpoint that we created in the Singapore region.
  - First, you need to use the aws configure command to set the default region name to None so that you can execute the aws s3 ls --region ap-southeast-1 command.
aws s3 ls --region ap-southeast-1
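A preflight check for the two fixes above, as an added example that is not part of the original workshop: it confirms that an instance role is visible through IMDSv2, resolves the region the CLI will use, and only then lists buckets. The function names are hypothetical, and the region lookup is simplified to an explicit argument, AWS_DEFAULT_REGION, and the [default] profile of the config file.

```shell
#!/usr/bin/env bash
# Added example (not from the workshop); function names are hypothetical.

# Region the CLI would use, simplified to: explicit argument, then
# AWS_DEFAULT_REGION, then "region" in the [default] profile.
effective_region() {
  local explicit="$1" cfg="${AWS_CONFIG_FILE:-$HOME/.aws/config}"
  if [ -n "$explicit" ]; then echo "$explicit"; return 0; fi
  if [ -n "${AWS_DEFAULT_REGION:-}" ]; then echo "$AWS_DEFAULT_REGION"; return 0; fi
  [ -r "$cfg" ] || return 1
  awk -F'=' '
    /^\[/ { in_default = ($0 ~ /^\[default\]/) }
    in_default && $1 ~ /^[ \t]*region[ \t]*$/ {
      gsub(/[ \t]/, "", $2)
      if ($2 != "") { print $2; found = 1; exit }
    }
    END { exit !found }
  ' "$cfg"
}

# Regional S3 hostname the CLI targets once a region is known.
s3_endpoint() { echo "https://s3.$1.amazonaws.com"; }

# Name of the IAM role attached to the instance, read through IMDSv2.
# Works only on EC2; needs no internet access.
instance_role() {
  local token
  token=$(curl -sf -m 2 -X PUT "http://169.254.169.254/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" \
    "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
}

# Fail early with a specific reason instead of waiting for the CLI to error out.
preflight() {
  local role region
  role=$(instance_role) || { echo "no instance role visible via IMDS" >&2; return 2; }
  region=$(effective_region "${1:-}") || { echo "no region: run aws configure or pass --region" >&2; return 3; }
  echo "role=$role region=$region endpoint=$(s3_endpoint "$region")"
  aws s3 ls --region "$region"
}

# On the instance: preflight    (or: preflight ap-southeast-1)
```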
You can explore additional commands for further hands-on practice.
Through this lab, we can understand how resources within a VPC can establish private connections to certain AWS services such as S3.
Next, we will proceed to the step of deleting the resources.