
s3fs with aws ec2 instance and using instance profiles

As far as I can tell the only way to mount an s3 bucket with s3fs is to use an accesskey:secretkey specified in a file with various file locations supported.

However, if I'm an ec2 instance, in the local s3 account, with an instance profile, I just want to use the instance profile credentials that are available. Does anyone know of a way to use an instance profile, and not have to set credentials in the local file system? If not, is anyone working on supporting this feature going forward?

Thanks

user2615236 asked May 04 '17 21:05


People also ask

What is the difference between an instance role and an instance profile?

An Instance Profile is a container for a single IAM Role. A typical convention is to create an IAM Role and an Instance Profile of the same name for clarity. An EC2 Instance cannot be assigned a Role directly, but it can be assigned an Instance Profile which contains a Role.

Can an instance have multiple instance profiles?

An instance profile can contain only one IAM role, although a role can be included in multiple instance profiles. This limit of one role per instance profile cannot be increased. You can remove the existing role and then add a different role to an instance profile.

What is AWS EC2 instance profile?

An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

What are the 3 different methods that you connect to an EC2 instance?

AWS supports many ways to let you connect to your servers (EC2). We will introduce three methods: SSH, Instance Connect, and Systems Manager, and deep dive into EC2 Instance Connect and Systems Manager – Session Manager.


1 Answer

Once/if you have a role that is attached to the EC2 instance, you can then add the following entry in /etc/fstab to automatically mount the S3 bucket on boot:

s3fs#bucketname /PATHtoLocalMount fuse _netdev,iam_role=nameofiamrolenoquotes

Naturally, you have to have s3fs installed (as you do judging from the question), and the role policy must grant the appropriate (probably full) access to the S3 bucket. This is great in the sense that no IAM credentials need to be stored on the instance (=safer, because the role access cannot be used outside the instance attached to the role, while the IAM credentials can).

Ville answered Sep 21 '22 14:09
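
An added example (not part of the answer above, and not s3fs's own code): a shell check that reads an fstab-format file and reports, for each s3fs mount, whether it uses `iam_role` or a `passwd_file` holding stored keys. The sample fstab, bucket names and role name are constructed; `iam_role=auto` and the `fuse.s3fs` entry form are s3fs features that the page itself does not mention.

```shell
#!/bin/sh
# Added example: classify s3fs entries in an fstab-format file by credential source.

# audit_s3fs_fstab FILE
# Prints "<mountpoint> <source>" for every s3fs entry, where source is:
#   role    - iam_role option present (credentials come from the instance profile)
#   static  - passwd_file option present (access key stored on disk)
#   default - neither option; s3fs falls back to its default credential lookup
audit_s3fs_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comment and blank lines
        # s3fs entries look like "s3fs#bucket <dir> fuse" or "bucket <dir> fuse.s3fs"
        !($1 ~ /^s3fs#/ || $3 == "fuse.s3fs") { next }
        {
            src = "default"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] == "iam_role" || opts[i] ~ /^iam_role=/)
                    src = "role"
                else if (opts[i] ~ /^passwd_file=/ && src != "role")
                    src = "static"
            }
            print $2, src
        }
    ' "$1"
}

# Constructed sample fstab (hypothetical buckets, paths and role name).
sample_fstab() {
    cat <<'EOF'
# constructed sample, not from the original page
UUID=0000-0000 / ext4 defaults 0 1
s3fs#example-logs /mnt/logs fuse _netdev,iam_role=example-role 0 0
s3fs#example-backup /mnt/backup fuse _netdev,passwd_file=/etc/passwd-s3fs 0 0
example-media /mnt/media fuse.s3fs _netdev,iam_role=auto 0 0
s3fs#example-legacy /mnt/legacy fuse _netdev,allow_other 0 0
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_fstab > "$tmp"
audit_s3fs_fstab "$tmp"
rm -f "$tmp"
```

On a real host, pass `/etc/fstab` to `audit_s3fs_fstab`; any mount reported as `static` or `default` is a candidate for switching to the instance profile.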