I am hosting a simple static website on an Amazon S3 bucket, and my problem is: I need to serve this website via an EC2 instance.
All documents in my S3 are not publicly accessible.
I have set up a role which can list my buckets and which has all authorizations on it, and on my EC2, I am able to see my bucket and list/update all the files that are in the bucket.
I have set up an NGINX reverse proxy on my EC2 instance (which runs with the previous IAM role) which redirects requests to this server to my S3 bucket. However, I am getting a 403 error (Unauthorized).
Here is my nginx configuration file:
    server {
        listen 80 default_server;

        location / {
            proxy_http_version 1.1;

            # An empty value means no Authorization header is passed upstream
            proxy_set_header Authorization '';
            proxy_set_header Host my-bucket.s3-website.eu-west-3.amazonaws.com;

            # Do not expose S3 response headers or cookies to clients
            proxy_hide_header x-amz-id-2;
            proxy_hide_header x-amz-request-id;
            proxy_hide_header x-amz-meta-server-side-encryption;
            proxy_hide_header x-amz-server-side-encryption;
            proxy_hide_header Set-Cookie;
            proxy_ignore_headers Set-Cookie;

            proxy_intercept_errors on;
            add_header Cache-Control max-age=31536000;

            # Upstream is the bucket's S3 website endpoint, over plain HTTP
            proxy_pass http://my-bucket.s3-website.eu-west-3.amazonaws.com/;
        }
    }
I guess that my proxy does not use my EC2 IAM role to make the request.
How can I achieve this (make a request to my S3 using my IAM role)? Do I have to set up an S3 policy so that my reverse proxy works?
Thank you for your answers!
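
Added example, not part of the original post: nginx's proxy module forwards requests unsigned, and the S3 website endpoint (`s3-website...`) serves only anonymous requests, so role credentials only take effect on a Signature Version 4 signed request to the bucket's REST endpoint. The Python code below builds the headers for such a GET, including the `x-amz-security-token` header that temporary role credentials require. The REST host name, object path and credential values are constructed placeholders, and `sign_s3_get` is a hypothetical helper name.

```python
import datetime
import hashlib
import hmac

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # payload hash of a bodiless GET

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_s3_get(host, path, region, access_key, secret_key, now,
                session_token=None, extra_headers=None):
    """Headers for a SigV4-signed GET; `path` is URI-encoded, no query string."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")  # `now` must be a UTC datetime
    day = amz_date[:8]
    headers = {"host": host, "x-amz-content-sha256": EMPTY_SHA256,
               "x-amz-date": amz_date}
    if session_token:  # role credentials: the token is sent and signed
        headers["x-amz-security-token"] = session_token
    for name, value in (extra_headers or {}).items():
        headers[name.lower()] = value.strip()
    names = sorted(headers)
    signed = ";".join(names)
    canonical = "\n".join([
        "GET", path, "",  # method, URI, empty query string
        "".join(f"{n}:{headers[n]}\n" for n in names),
        signed, EMPTY_SHA256])
    scope = f"{day}/{region}/s3/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()  # derive the per-day signing key
    for part in (day, region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope},"
        f"SignedHeaders={signed},Signature={signature}")
    return headers

if __name__ == "__main__":
    # Constructed placeholders; on EC2 the real values are the role's
    # temporary credentials (assumed to be fetched separately).
    now = datetime.datetime.now(datetime.timezone.utc)
    hdrs = sign_s3_get("my-bucket.s3.eu-west-3.amazonaws.com", "/index.html",
                       "eu-west-3", "ASIAEXAMPLEKEYID", "constructed-secret",
                       now, session_token="constructed-session-token")
    for k, v in hdrs.items():
        print(f"{k}: {v}")
```

The signature covers the `Host` header and the timestamp, so the proxy has to send exactly the signed headers and re-sign for each request rather than reuse a stored `Authorization` value.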