How to Grant EC2 Instance Access to S3 Bucket in Another AWS Account

Fabiano Becatini
5 min read · Feb 18, 2024

One common use case for EC2 and S3 is to store and retrieve files from S3 buckets using EC2 instances.

What if the S3 bucket is in another AWS account?

This blog post will provide a step-by-step guide on how to grant an AWS EC2 instance access to an AWS S3 bucket in a different AWS account.

To achieve this, you will need to create an IAM (Identity and Access Management) role in AWS Account B, the account that owns the bucket, with a trust relationship pointing to Account A.

Then, you will create another IAM role in Account A that will be your instance profile, and attach that IAM role to the EC2 instance in your AWS Account A.

Finally, you will need to validate the permissions on your S3 bucket.
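The three policy documents this setup relies on, as an added example that is not code from the original post: the Python below builds them and checks that the role chain is both complete and narrowly scoped. The account IDs, role names, bucket name and the chosen S3 actions are constructed placeholders and assumptions.

```python
import json

# Constructed placeholders (assumptions, not values from the post).
ACCOUNT_A = "111111111111"  # owns the EC2 instance
ACCOUNT_B = "222222222222"  # owns the S3 bucket
BUCKET = "example-bucket-in-account-b"
INSTANCE_ROLE = f"arn:aws:iam::{ACCOUNT_A}:role/ec2-instance-role"
BUCKET_ROLE = f"arn:aws:iam::{ACCOUNT_B}:role/s3-cross-account-role"

def stmt(action, resource=None, principal=None):
    """Build one Allow statement; trust policies take a principal, not a resource."""
    s = {"Effect": "Allow", "Action": action}
    s.update({"Resource": resource} if principal is None else {"Principal": {"AWS": principal}})
    return s

def build_policies():
    """Return (trust policy on B's role, S3 policy on B's role, policy on A's instance role)."""
    doc = lambda *s: {"Version": "2012-10-17", "Statement": list(s)}
    trust_b = doc(stmt("sts:AssumeRole", principal=INSTANCE_ROLE))
    s3_b = doc(stmt("s3:ListBucket", f"arn:aws:s3:::{BUCKET}"),
               stmt(["s3:GetObject", "s3:PutObject"], f"arn:aws:s3:::{BUCKET}/*"))
    assume_a = doc(stmt("sts:AssumeRole", BUCKET_ROLE))
    return trust_b, s3_b, assume_a

def as_list(value):
    return value if isinstance(value, list) else [value]

def chain_problems(trust_b, s3_b, assume_a):
    """Return findings that break the role chain or widen it beyond the two roles."""
    problems = []
    trusted = [p for s in trust_b["Statement"] for p in as_list(s["Principal"]["AWS"])]
    if not any(p in (INSTANCE_ROLE, f"arn:aws:iam::{ACCOUNT_A}:root") for p in trusted):
        problems.append("trust policy does not name Account A")
    if any(p == "*" or ACCOUNT_A not in p for p in trusted):
        problems.append("trust policy admits principals outside Account A")
    targets = [r for s in assume_a["Statement"] for r in as_list(s["Resource"])]
    if BUCKET_ROLE not in targets:
        problems.append("instance role cannot assume the Account B role")
    if "*" in targets:
        problems.append("instance role may assume any role")
    for s in s3_b["Statement"]:
        if "s3:*" in as_list(s["Action"]) or "*" in as_list(s["Resource"]):
            problems.append("S3 policy is not scoped to the bucket")
    return problems

if __name__ == "__main__":
    print(json.dumps(build_policies(), indent=2), chain_problems(*build_policies()))
```

An empty findings list means the instance role in Account A can assume the Account B role and nothing else, and the Account B role can reach only the one bucket.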

PRE-REQUISITES

I will assume you have an AWS environment already set up with the scenario below:

If you want to learn more about IAM Policies
