✅ Day 8 of My Cloud Journey ☁️ – IAM Roles + EC2 to S3 Access Without Credentials

Pratik Das

On Day 8 of my #30DaysOfCloud journey, I went hands-on with IAM Roles and saw how an EC2 instance can access S3 without hardcoding any credentials.

This is a foundational AWS best practice: using IAM Roles for secure, temporary permissions.


🔄 Problem Statement

We want an EC2 instance to:

  • Access an S3 bucket (read/write)

  • Without using access keys or credentials

  • Securely using IAM Roles


🎭 What is an IAM Role?

An IAM Role is a set of permissions you can assign to AWS services.
Unlike IAM users, roles don't have long-term credentials.

Instead, services like EC2 assume roles, and AWS automatically provides short-term access tokens to them.

💡 This is safer, more scalable, and follows best practices!


🔧 Step-by-Step: Allow EC2 to Access S3 Using IAM Role

1️⃣ Create an IAM Role

  • Go to IAM → Roles → Create Role

  • Select Trusted Entity: AWS service

  • Choose EC2 as the use case

  • Attach the policy: AmazonS3FullAccess (or create a custom policy for least privilege)

  • Name your role: EC2S3AccessRole

  • ✅ Done! Role created.


2️⃣ Launch (or modify) an EC2 instance

  • Launch a new EC2 instance (or stop → modify an existing one)

  • Under "IAM Role", attach EC2S3AccessRole

  • Boot the instance and connect using SSH


3️⃣ Access S3 from EC2 (No Keys Needed!)

Log into your EC2 instance via SSH and test S3 access:

# List buckets
aws s3 ls

# Copy a file to S3
echo "Hello from EC2" > test.txt
aws s3 cp test.txt s3://your-bucket-name/

🚫 No access keys, no .aws/credentials needed. It works using role-based access!


🧪 How It Works (Under the Hood)

  • The EC2 instance has a metadata service (http://169.254.169.254) that provides temporary credentials

  • AWS CLI automatically uses those credentials

  • These are rotated automatically and scoped to the permissions defined in the role


✅ Best Practices

  • Use roles instead of access keys

  • Roles rotate credentials automatically

  • Use least privilege: create scoped policies instead of AmazonS3FullAccess

  • Use CloudTrail to monitor access
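
To make the least-privilege point concrete, here is an added example (not code from the original post) that builds a bucket-scoped read/write policy and audits a policy document for wildcard grants. BROAD_POLICY is a constructed, simplified stand-in for the shape of AmazonS3FullAccess, and scoped_policy, audit and the bucket name are assumptions for illustration.

```python
import json

# Constructed sample: a single wildcard statement standing in for the
# broad shape of AmazonS3FullAccess (simplified, an assumption).
BROAD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
""")

def scoped_policy(bucket):
    """Build a read/write policy limited to one named bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Listing applies to the bucket ARN itself.
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            # Object reads and writes apply to keys under the bucket.
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
        ],
    }

def _as_list(value):
    # IAM allows a bare string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource in Allow"))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            # "/*" after a named bucket is object scope, not a wildcard bucket.
            bucket_part = resource.split(":::", 1)[-1].split("/", 1)[0]
            if resource == "*" or "*" in bucket_part:
                findings.append((i, f"wildcard resource {resource}"))
    return findings

if __name__ == "__main__":
    print("broad :", audit(BROAD_POLICY))
    print("scoped:", audit(scoped_policy("your-bucket-name")))
    print(json.dumps(scoped_policy("your-bucket-name"), indent=2))
```

With the scoped policy attached, `aws s3 ls` with no arguments is denied because listing all buckets needs s3:ListAllMyBuckets; `aws s3 ls s3://your-bucket-name/` and the `aws s3 cp` test still work.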


🎯 Summary

IAM Roles are a cornerstone of cloud security and automation.

Today, I learned:

  • How to assign IAM roles to EC2

  • How EC2 accesses S3 securely

  • That roles > access keys in almost every case!



🚀 Tomorrow: I'll explore Amazon S3 in detail – buckets, object storage, lifecycle rules, and real-world use cases.

Let's keep learning and building!
#30DaysOfCloud #AWS #IAM #EC2 #S3 #CloudSecurity #LearnInPublic #Hashnode #CloudJourney

