4

I want to give full access to the S3 bucket from the EC2 security group, so that all the EC2 instances associated with that security group can have full access to the S3 bucket.

Also, am I thinking in the right direction, or is there another method I need to use?

Deepesh Uniyal
  • 923
  • 3
  • 20
  • 44

2 Answers

3

Unfortunately, you cannot add an EC2 security group to a bucket policy.

However, usually if you want to enable S3 access for your instances you would do this through instance roles. This way all instances which need S3 access would have the role attached that allows it.

Having the role, if you want to use the bucket policy you would control access by specifying the role's ARN as the principal in the bucket policy.

Marcin
  • 215,873
  • 14
  • 235
  • 294
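The role-based approach from this answer, written out as an added example (not the answer author's own code): an instance role scoped to one bucket, attached to an instance through an instance profile, and a bucket policy that names the role ARN as the Principal. The role name, bucket name, account ID and instance ID are placeholders. One caveat worth knowing: a bucket policy stores the role's unique ID behind the ARN, so if the role is deleted and recreated with the same name, the bucket policy statement no longer matches it and must be re-applied.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): put an instance role in front of
# the bucket and name that role's ARN as the Principal in the bucket policy.
# MyS3Role, my-example-bucket, the account ID and the instance ID below are
# placeholders for this illustration.
set -eu

# Trust policy: lets the EC2 service assume the role on behalf of an instance.
trust_policy_json() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Identity-side policy attached to the role: scoped to one bucket rather than
# s3:* on every resource.
role_policy_json() {
  local bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

# Resource-side policy on the bucket: the role ARN, not a security group, is
# the Principal. Every session of that role (every instance carrying the
# instance profile) matches this principal.
bucket_policy_json() {
  local bucket="$1" role_arn="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowInstanceRole",
    "Effect": "Allow",
    "Principal": {"AWS": "${role_arn}"},
    "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"]
  }]
}
EOF
}

# Runs the AWS CLI calls end to end. Needs configured credentials, so it is
# only run when called explicitly.
apply_instance_role() {
  local role="$1" bucket="$2" instance_id="$3"
  local role_arn
  aws iam create-role --role-name "$role" \
      --assume-role-policy-document "$(trust_policy_json)" >/dev/null
  aws iam put-role-policy --role-name "$role" --policy-name "${bucket}-access" \
      --policy-document "$(role_policy_json "$bucket")"
  aws iam create-instance-profile --instance-profile-name "$role" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$role" --role-name "$role"
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
      --iam-instance-profile Name="$role" >/dev/null
  role_arn="$(aws iam get-role --role-name "$role" --query Role.Arn --output text)"
  aws s3api put-bucket-policy --bucket "$bucket" \
      --policy "$(bucket_policy_json "$bucket" "$role_arn")"
}

# Usage (placeholder values):
#   apply_instance_role MyS3Role my-example-bucket i-0123456789abcdef0
```

A newly created instance profile can take a few seconds to become visible to EC2, so `associate-iam-instance-profile` may need a short retry when scripted immediately after `create-instance-profile`.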
3

I know it's a bit late, but for others wandering onto this question, see this post on Server Fault.

Tl;dr:

  • Create an access point for the bucket in S3, selecting the VPC that will access S3
  • Then create an endpoint in that VPC to S3 -- it will ask you to select the route from your VPC routing table that will redirect traffic from the concerned instances to S3
  • Lastly, create an outbound HTTPS rule in your security group with the VPC endpoint prefix as your destination, e.g. pl-xxxx

You can get the endpoint prefix in the AWS console via VPC --> Managed Prefix Lists --> prefix that points to S3.

Jim Walker
  • 494
  • 4
  • 9
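The three console steps in this answer as AWS CLI calls, added here as an example that is not the answer author's own code. The region, account ID, bucket, access point name, VPC, route table and security group IDs are placeholders. Note what this does and does not do: the access point, gateway endpoint and prefix-list egress rule shape the network path between the instances and S3, but they grant no permissions; the instances still need IAM credentials (typically an instance role) that allow the S3 calls. To tie the bucket to that path on the authorization side as well, the bucket policy can carry a condition on `aws:SourceVpce` with the endpoint ID, which is the closest thing to naming the security group as a principal.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): the three steps as AWS CLI
# calls. Region, account ID, bucket, access point name, VPC, route table and
# security group IDs are placeholders for this illustration.
set -eu

# Managed prefix list ID for S3 in a region; this is the "pl-xxxx" value the
# answer refers to, used as the egress destination.
s3_prefix_list_id() {
  local region="$1"
  aws ec2 describe-prefix-lists --region "$region" \
      --filters "Name=prefix-list-name,Values=com.amazonaws.${region}.s3" \
      --query 'PrefixLists[0].PrefixListId' --output text
}

# Egress rule document: HTTPS only, destination = the S3 prefix list rather
# than 0.0.0.0/0.
egress_rule_json() {
  local prefix_list_id="$1"
  printf '[{"IpProtocol":"tcp","FromPort":443,"ToPort":443,"PrefixListIds":[{"PrefixListId":"%s"}]}]' \
      "$prefix_list_id"
}

# Runs the AWS CLI calls end to end. Needs configured credentials, so it is
# only run when called explicitly.
configure_vpc_path_to_s3() {
  local region="$1" account_id="$2" bucket="$3" access_point="$4"
  local vpc_id="$5" route_table_id="$6" sg_id="$7"
  local pl_id

  # Step 1: access point whose network origin is restricted to the VPC.
  aws s3control create-access-point --region "$region" --account-id "$account_id" \
      --name "$access_point" --bucket "$bucket" \
      --vpc-configuration "VpcId=${vpc_id}" >/dev/null

  # Step 2: gateway endpoint for S3; the route table gets a route to the
  # S3 prefix list via the endpoint.
  aws ec2 create-vpc-endpoint --region "$region" --vpc-id "$vpc_id" \
      --service-name "com.amazonaws.${region}.s3" \
      --route-table-ids "$route_table_id" >/dev/null

  # Step 3: outbound HTTPS from the security group to the prefix list only.
  pl_id="$(s3_prefix_list_id "$region")"
  aws ec2 authorize-security-group-egress --region "$region" --group-id "$sg_id" \
      --ip-permissions "$(egress_rule_json "$pl_id")"
}

# Usage (placeholder values):
#   configure_vpc_path_to_s3 us-east-1 123456789012 my-example-bucket my-ap \
#       vpc-0123456789abcdef0 rtb-0123456789abcdef0 sg-0123456789abcdef0
```

The new egress rule only restricts anything if the security group's default allow-all outbound rule (0.0.0.0/0) is removed afterwards; with both present the instances can still reach S3 over the internet and every other destination.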