I created an IAM role as follows and attached to my EC2 instance:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "*"
}
]
}
Also added bucket policy for my S3 bucket:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<my-aws-account-id>:role/Get-Pic"
},
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::<my-bucket>",
"arn:aws:s3:::<my-bucket>/*"
]
}
]
}
Options of Block public access of S3 are:
- [on] Block public access to buckets and objects granted through new access control lists (ACLs)
- [on] Block public access to buckets and objects granted through any access control lists (ACLs)
- [off] Block public access to buckets and objects granted through new public bucket or access point policies
- [off] Block public and cross-account access to buckets and objects through any public bucket or access point policies
But I still cannot access my S3 from EC2:
$ curl https://<my-bucket>.s3-ap-southeast-2.amazonaws.com/Instagram.png
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2006E789486C0744</RequestId><HostId>DVldRN7BgUXvKvXElPYTVGd7mgAsoPEJkH9D/mlrr4Vv5FNZdr0DLbKTFkGu9ZuCo45yPq+i2rU=</HostId></Error>
Is there anything I should do?
