Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I access protected S3 files in a CFN script?

Tags:

amazon-s3

amazon-iam

amazon-cloudformation

I am trying to retrieve a file in my cloudformation script. If I make the file publicly available, then it works fine. If the file is private, then the cfn script fails, but with a 404 error in /var/log/. Trying to retrieve the file via wget results in the appropriate 403 error.

How can I retrieve private files from S3?

My file clause looks like: 

    "files" : {
      "/etc/httpd/conf/httpd.conf" : { 
        "source" : "https://s3.amazonaws.com/myConfigBucket/httpd.conf"
      }
    },

I added an authentication clause and appropriate parameter:

"Parameters" : {
  "BucketRole" : {
    "Description" : "S3 role for access to bucket",
    "Type" : "String",
    "Default" : "S3Access",
    "ConstraintDescription" : "Must be a valid IAM Role"
  }
}

    "AWS::CloudFormation::Authentication": {
      "default" : {
        "type": "s3",
        "buckets": [ "myConfigBucket" ],
        "roleName": { "Ref" : "BucketRole" }
      }
    },

My IAM Role looks like:

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}
like image 932
chris Avatar asked May 28 '13 12:05

chris

People also ask

How do I access private S3 bucket files?

You can access an S3 bucket privately without authentication when you access the bucket from an Amazon Virtual Private Cloud (Amazon VPC). However, make sure that the VPC endpoint used points to Amazon S3. Follow these steps to set up VPC endpoint access to the S3 bucket: 1.

Does CloudFormation create S3 bucket?

The AWS::S3::Bucket resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack. To control how AWS CloudFormation handles the bucket when the stack is deleted, you can set a deletion policy for your bucket. You can choose to retain the bucket or to delete the bucket.

Will CloudFormation delete S3 bucket?

The CloudFormation service won't delete an S3 bucket that contains objects. This means that if your stack wrote to a bucket and you didn't manually delete the object before deleting the stack then it will fail.

1 Answers

The solution is to add an IamInstanceProfile property to the instance creation:

   "Parameters" : {
     ...
     "RoleName" : {
       "Description" : "IAM Role for access to S3",
       "Type" : "String",
       "Default" : "DefaultRoleName",
       "ConstraintDescription" : "Must be a valid IAM Role"
     }
   },

   "Resources" : {
     "InstanceName" : {
       "Type" : "AWS::EC2::Instance",
       "Properties" : {
         "ImageId"             : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "64"] },
         "InstanceType"        : { "Ref" : "InstanceType" },
         "SecurityGroups"      : [ {"Ref" : "SecurityGroup"} ],
         "IamInstanceProfile"  : { "Ref" : "RoleName" },
         "KeyName"             : { "Ref" : "KeyName" }
       }
     },
     ...
like image 130
chris Avatar answered Sep 22 '22 09:09

chris
Sign in to Comment

Related questions

How can we copy s3 files between buckets of different account/credentials using s3 cp and different profiles?
How to close an AWS S3 read stream (AWSJavaScriptSDK)
S3 delete file programmatically which ends in line feed (%0A)?
AWS Glue: ETL to read S3 CSV files
How much it cost to use Amazon S3 for Video Streaming backend?
Create/update Amazon Athena tables from Amazon S3 bucket files
Amazon Aurora PostgreSQL SELECT INTO OUTFILE S3
How to upload a file to Amazon Glacier Deep Archive using boto3
S3 static website /w bluegreen deployment
How can I assign bucket-owner-full-control when creating an S3 object with boto3?
How to install awscli version 2 on raspberry pi
How do I bulk upload to s3?
AWS EC2- Synching source code files with S3 - is it a proper approach?
How can I organize a million+ files now that I'm moving to Amazon S3?
Java UrlConnection triggering "Connection reset" exceptions under high load. Why?
Can files uploaded to Amazon S3 get auto-deleted after few days?
Setting MEDIA_URL for Django Heroku App, Amazon S3
Amazon S3 CORS PUT fails
Ruby - Append content at the end of the existing s3 file using fog
Options for accessing S3/DynamoDB with C/C++ [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!