Tuesday, April 12, 2022

[SOLVED] I want an EC2 instance which is in account A to be able to access buckets from both account A and another account B. How?

Issue

I saw the official documentation https://aws.amazon.com/premiumsupport/knowledge-center/s3-instance-access-bucket/ which says to create a role in both accounts and attach it! I had another solution, which is to create an IAM user in account B, grant it only S3 bucket permissions, and configure the EC2 instance in account B with that user. So if I do that, will it work? And can the EC2 instance still access the S3 bucket from its own account?


Solution

It appears that your situation is:

  • Amazon EC2 instance in Account A
  • Amazon S3 bucket in Account A (Bucket-A)
  • Amazon S3 bucket in Account B (Bucket-B)
  • You would like the EC2 instance to be able to access both buckets

You should do the following:

  • Create an IAM Role (Role-A) for the Amazon EC2 instance with:
    • Permission to access Bucket-A, and
    • Permission to access Bucket-B
  • Add a Bucket policy to Bucket-B that permits access to the bucket from Role-A (This will grant "cross-account access")

That's it! The instance will be able to access Bucket-A due to permissions in the IAM Role, and it will be able to access Bucket-B due to permissions in both the IAM Role and the Bucket Policy.

Answered By - John Rotenstein
Answer Checked By - Mildred Charles (WPSolving Admin)
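As an added example (not part of the question or answer above), here is a small Python model of the two-sided authorization the answer describes. The account IDs, bucket names and role name are placeholders I made up; the two policy documents are constructed inline, and a minimal evaluator shows that a request against Bucket-B succeeds only when Role-A's identity policy AND Bucket-B's bucket policy both allow it, and fails when the bucket policy does not grant that action or names a different principal.

```python
"""Model of cross-account S3 access: the IAM role policy and the bucket policy
must BOTH allow the request. Account IDs and names are placeholders."""
from fnmatch import fnmatchcase

ROLE_ARN = "arn:aws:iam::111111111111:role/Role-A"  # Account A (placeholder id)

# Identity policy attached to Role-A, the instance role in Account A.
ROLE_A_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::bucket-a", "arn:aws:s3:::bucket-a/*",
                     "arn:aws:s3:::bucket-b", "arn:aws:s3:::bucket-b/*"],
    }],
}

# Bucket policy on Bucket-B in Account B, trusting Role-A (read-only here).
BUCKET_B_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ROLE_ARN},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::bucket-b", "arn:aws:s3:::bucket-b/*"],
    }],
}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def evaluate(policy, action, resource, principal=None):
    """Return 'Allow', 'Deny' or None (no match). An explicit Deny wins."""
    result = None
    for st in policy["Statement"]:
        if principal is not None:  # resource policies must name the caller
            trusted = _as_list(st.get("Principal", {}).get("AWS", []))
            if principal not in trusted and "*" not in trusted:
                continue
        if not any(fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        result = "Allow"
    return result

def cross_account_allowed(identity_policy, bucket_policy, principal_arn, action, resource):
    """Cross-account S3 access: Allow required on both sides, no Deny on either."""
    return (evaluate(identity_policy, action, resource) == "Allow"
            and evaluate(bucket_policy, action, resource, principal_arn) == "Allow")
```

For Bucket-A in the same account only the identity policy needs to allow the request, which is why the answer needs no bucket policy on Bucket-A.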