
I need to be able to copy a tar file from an S3 bucket and untar it when I launch my EC2 instances. I basically have this simple user_data:

#!/bin/bash
aws s3 cp s3://my-bucket/mytarfile.tar mytarfile.tar > /tmp/output 2>&1

After my instance launches there is no mytarfile.tar anywhere on the instance and the /tmp/output contains the error message:

fatal error: Unable to locate credentials

So I guess it is impossible to use the aws command line in EC2 user_data.

  • Did you set instance role/profile to the instance? Commented Dec 8, 2020 at 23:04
  • No. I guess that is something I need to do? But I am a total AWS noob. How do I do that? Commented Dec 8, 2020 at 23:05

1 Answer

By default your buckets and objects in S3 are private. For an instance to be able to access them, you have to explicitly allow such access. This is done by means of IAM roles for instances.

When the IAM role with S3 permissions is attached to the instance, AWS CLI and SDK will be able to automatically fetch the temporary credentials provided by the role to access your S3.


3 Comments

Hmm... sorry the AWS docs are confusing to me. So I need to 1) create a role 2) Define which accounts or AWS services can assume the role (I guess that is S3?) 3) Define which API actions and resources the application can use after assuming the role. :( what does that mean?
@RedCricket How are you creating the instance? Using CloudFormation?
Ah! I got it to work. I had to create a "profile" (named my-profile) that has the policy named "AmazonS3FullAccess" (I probably could find a read-only policy) and when I launch the instance I select that profile in the form.
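
The role setup discussed in this answer and its comments, as an added example that is not part of the original thread: the trust policy names the EC2 service (not S3) as the principal allowed to assume the role, and the permissions policy grants read access to the single object instead of full S3 access. The role name `s3-tar-reader` and policy name `read-tarfile` are assumptions; the bucket, key and profile name are the ones used in the thread.

```shell
#!/bin/bash
# Added example: least-privilege instance profile for the user_data download.
# ROLE and the inline policy name are hypothetical; the rest is from the thread.
set -eu

ROLE=s3-tar-reader      # hypothetical role name
PROFILE=my-profile      # profile name mentioned in the comments
BUCKET=my-bucket
KEY=mytarfile.tar

# Trust policy: WHO may assume the role. For an instance role the
# principal is the EC2 service, not S3.
trust_policy() {
  cat <<'EOF'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
}

# Permissions policy: WHAT the role may do. Read-only, one object.
read_policy() {  # usage: read_policy BUCKET KEY
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Action":"s3:GetObject","Resource":"arn:aws:s3:::$1/$2"}]}
EOF
}

# Create the role, attach the inline policy, and wrap the role in an
# instance profile (the object that is actually selected at launch).
create_profile() {
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy)"
  aws iam put-role-policy --role-name "$ROLE" --policy-name read-tarfile \
    --policy-document "$(read_policy "$BUCKET" "$KEY")"
  aws iam create-instance-profile --instance-profile-name "$PROFILE"
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE" --role-name "$ROLE"
}

# Only touch AWS when explicitly asked: ./setup.sh apply
if [ "${1:-}" = "apply" ]; then
  create_profile
fi
```

Run it with `apply` from a machine whose credentials may manage IAM; on an instance launched with the profile, `aws sts get-caller-identity` in user_data should then report the assumed role instead of failing with "Unable to locate credentials".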
