
Accessing S3 with AWS IAM Roles

Hands-On Lab

 

Craig Arcuri

AWS Training Architect II in Content

Length

00:30:00

Difficulty

Advanced

This hands-on lab focuses on using EC2 roles to grant access to AWS resources. Specifically, an IAM role will be created and attached to an EC2 instance, which gives the instance access to an S3 bucket. This process can be completed in the AWS Management Console. After a brief walkthrough of how that can be done in the Management Console, the lab will focus on using a CloudFormation template to complete this task. Putting such tasks in a CloudFormation template promotes reuse, documentation, and efficiency of effort. After the CloudFormation stack is created, which attaches the IAM role to the EC2 instance, the permissions will be verified. NOTE: In the EC2 section, create your own key pair for use in the CloudFormation template. You will also be referencing the provisioned VPC and subnets that have been provided for you in the lab.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Solution

Create CloudFormation Stack

NOTE: In the EC2 section, create your own key pair for use in the CloudFormation template. You will also be referencing the provisioned VPC and subnets that have been provided for you in the lab.

  1. In the AWS Management Console, select CloudFormation
  2. Click Design Template
  3. Click the Template tab and paste in the provided CloudFormation Template
  4. Click the Create Stack icon at the top-left of the page
  5. Create a key pair:
    1. In a new tab, navigate to the EC2 service
    2. Click Key Pairs in the menu on the left of the page
    3. Click Create Key Pair
      • Key pair name: s3roleslearningactivity
      • Click Create
  6. Back in the CloudFormation tab, click Next
  7. Provide the Stack name of "s3role" and select the key pair we created, "s3roleslearningactivity"
  8. In a new tab, navigate to the VPC service to get the information for the next two fields on this page:
    • Once in the VPC service, click Your VPCs
    • Copy the VPC ID of the VPC in the list; paste this information into the myVPC field on the CloudFormation tab
    • Back in the VPC tab, click Subnets
    • Copy the Subnet ID of the first subnet in the list; paste this information into the MySubnet field on the CloudFormation tab
  9. Click Next
  10. Click Next
  11. Check the acknowledgement at the bottom of the page and click Create
  12. You may need to refresh the page to show the stack creation in progress

List and create S3 Buckets from the CLI

  1. From your terminal window, make sure you're in the downloads folder (if not, run cd downloads).

  2. Then, from the CLI, restrict the permissions on the key pair file:

    chmod 400 <key-pair>

  3. Then paste in the SSH string, which can be obtained from the Outputs tab of the CloudFormation stack. Press Enter to SSH into the EC2 instance.

  4. Once you are logged in, update the host:

    sudo yum update

  5. Verify that you can list buckets with the command:

    aws s3 ls

  6. Verify that you can create a bucket with the command:

    aws s3 mb s3://mybucket

    > Note: Remember, bucket names have to be unique, so just add 3 or 4 numbers to the end of the bucket name.
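A template of the kind this lab deploys, written here as an added example and not the lab's provided template: the role trusts only EC2, and its inline policy allows just the two calls verified above (listing buckets and creating a bucket whose name starts with mybucket). The resource names, the KeyName and ImageId parameters, the instance type, and the omission of a security group (the VPC's default group applies) are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example. EC2 role limited to the S3 calls the lab verifies."
Parameters:
  KeyName:   # assumed parameter name; select s3roleslearningactivity
    Type: AWS::EC2::KeyPair::KeyName
  MySubnet:  # field name taken from the lab's stack parameters
    Type: AWS::EC2::Subnet::Id
  ImageId:   # assumed: latest Amazon Linux 2 AMI via the public SSM parameter
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Resources:
  S3AccessRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:   # trust policy: only the EC2 service may assume it
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: s3-lab-access   # hypothetical name
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow                 # needed by: aws s3 ls
                Action: "s3:ListAllMyBuckets"
                Resource: "*"
              - Effect: Allow                 # needed by: aws s3 mb s3://mybucketNNNN
                Action: "s3:CreateBucket"
                Resource: "arn:aws:s3:::mybucket*"
  S3AccessProfile:   # EC2 attaches roles through an instance profile
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref S3AccessRole
  LabInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t2.micro   # assumed size
      KeyName: !Ref KeyName
      SubnetId: !Ref MySubnet
      IamInstanceProfile: !Ref S3AccessProfile
```

Because the template creates IAM resources, CloudFormation asks for an acknowledgement before creating the stack. With this policy the two verification commands succeed, and any other S3 action from the instance is denied.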

Conclusion

Congratulations, you've completed this hands-on lab!