I'm trying to provision my EC2 instances in Elastic Beanstalk with some ssh keys from a private S3 bucket. Here's a snippet of my .ebextensions/.config:
    files:
      "/root/.ssh/id_rsa" :
        mode: "000400"
        owner: root
        group: root
        source: https://s3-us-west-2.amazonaws.com/<bucket>/<app>_id_rsa
Unfortunately, I'm getting a 403 response from S3. Is there a way to grant access to the EC2 instances using a Security Group? I can't grant each instance access individually as I won't know their IPs before they are scaled. Is there some other way to grant just this Elastic Beanstalk app access? I'm having trouble coming up with a good S3 Bucket Policy...
Amazon EC2 uses Amazon S3 for storing Amazon Machine Images (AMIs). You use AMIs for launching EC2 instances. In case of instance failure, you can use the stored AMI to immediately launch another instance, thereby allowing for fast recovery and business continuity.
First click on the tab below, then click on the added role, and add the AmazonS3FullAccess access policy.
In my case I tried creating a new EC2 role that would include an access policy to S3, but could not get it working, as it seems by default this role does not get attached to EC2 instances? Played around with VPC S3 bucket roles, but that only messed up the bucket and locked me out. The proper solution was to add the S3 access policy to the already existing ElasticBeanstalk role:
aws-elasticbeanstalk-ec2-role
that @chaseadamsio and @tom mentioned, thank you for that.
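An added example, not part of the original posts: one way to make the `files` download authenticate as the instance role, assuming the default instance profile `aws-elasticbeanstalk-ec2-role` named above and the placeholder bucket and key from the question. The label `S3Auth` is an arbitrary name chosen here, and the role only needs `s3:GetObject` on that single object, which is narrower than AmazonS3FullAccess.

```yaml
# .ebextensions/ssh-key.config (file name is an assumption)
#
# Prerequisite on the instance role (aws-elasticbeanstalk-ec2-role):
# an IAM policy statement scoped to the one key object, for example
#   Effect:   Allow
#   Action:   s3:GetObject
#   Resource: arn:aws:s3:::<bucket>/<app>_id_rsa
# No bucket policy, security group or per-instance IP rule is required;
# every instance the Auto Scaling group launches carries the same role.

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:                      # arbitrary label, referenced below
          type: "s3"
          buckets: ["<bucket>"]      # placeholder from the question
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"

files:
  "/root/.ssh/id_rsa" :
    mode: "000400"
    owner: root
    group: root
    authentication: "S3Auth"         # without this the request is anonymous (403)
    source: https://s3-us-west-2.amazonaws.com/<bucket>/<app>_id_rsa
```

The `authentication` key is what turns the anonymous HTTPS fetch into a request signed with the role's temporary credentials; the bucket itself can stay fully private.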