This project demonstrates how to securely grant an EC2 instance read-only access to an S3 bucket using IAM roles and policies, following the principle of least privilege. The process covers creating the IAM role, defining the correct trust relationship, attaching the role to the EC2 instance, and testing the resulting access behaviour with the AWS CLI.
## Objectives

- 🔸 Create an IAM role with AmazonS3ReadOnlyAccess
- 🔸 Attach the role to an EC2 instance
- 🔸 Use the EC2 instance to list and read S3 objects
- 🔸 Verify that write/delete actions are denied
- 🔸 Enforce least privilege access across services
## Key concepts

- IAM role and trust relationship configuration
- Role-based EC2 permissions
- S3 access control via managed policies
- Testing permissions using the AWS Console and CLI
- AWS resource segregation and security enforcement
## Tools used

- AWS IAM
- Amazon EC2
- Amazon S3
- AWS CLI
- AWS Management Console
- MacBook Terminal (zsh)
## Skills demonstrated

- Identity-based access control
- IAM role creation and permission boundaries
- EC2 instance setup and role association
- S3 bucket permission testing
- Screenshot documentation and GitHub project structuring
## Results

The EC2 instance successfully assumed the IAM role, and the following behaviour was observed:

- ✔️ Reading files from the S3 bucket succeeded
- ❌ Upload and delete operations were denied (as expected)

This validated that AmazonS3ReadOnlyAccess was enforced properly using IAM best practices.
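The objectives above list the provisioning steps, and the results describe the CLI checks that confirm read works while write and delete are refused. The script below is an added example, not one of the project's own files, that carries both through end to end with the AWS CLI. Every name in it is an assumption: `ec2-s3-readonly-role`, the placeholder bucket, and the placeholder instance id must be replaced with real values; only the managed policy ARN and the EC2 service principal are fixed AWS identifiers.

```shell
#!/usr/bin/env bash
# Added example (not the project's own scripts). All names below are assumptions:
# ROLE_NAME and BUCKET are placeholders, INSTANCE_ID must be a real instance id.
set -eu

ROLE_NAME="${ROLE_NAME:-ec2-s3-readonly-role}"      # assumed role and profile name
BUCKET="${BUCKET:-example-bucket-placeholder}"      # placeholder bucket name
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"   # placeholder instance id
POLICY_ARN="arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"

# Trust relationship: only the EC2 service principal may assume this role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Admin side: create the role, attach the managed policy, wrap the role in an
# instance profile (EC2 attaches profiles, not roles) and bind it to the instance.
provision() {
  aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)"
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
      --role-name "$ROLE_NAME"
  aws ec2 associate-iam-instance-profile --instance-id "$INSTANCE_ID" \
      --iam-instance-profile "Name=$ROLE_NAME"
}

# Classify a CLI result: $1 = exit status, $2 = captured stderr.
# Succeeds only when the call failed because IAM refused it (AccessDenied);
# a NoSuchBucket or network error is not evidence that the policy worked.
was_access_denied() {
  [ "$1" -ne 0 ] && printf '%s' "$2" | grep -q 'AccessDenied'
}

# Run a command that the policy should refuse. $1 = label, rest = the command.
expect_denied() {
  label=$1; shift
  rc=0
  err=$("$@" 2>&1 >/dev/null) || rc=$?
  if was_access_denied "$rc" "$err"; then
    echo "OK: $label denied by IAM (expected)"
  else
    echo "FAIL: $label was not denied (rc=$rc): $err"
    return 1
  fi
}

# Instance side: credentials come from the instance profile through the
# metadata service, so no access keys are stored on the instance.
verify() {
  aws sts get-caller-identity                  # shows the assumed-role ARN
  aws s3 ls "s3://$BUCKET/"                    # read: expected to succeed
  expect_denied "PutObject" aws s3 cp /etc/hostname "s3://$BUCKET/probe.txt"
  expect_denied "DeleteObject" aws s3 rm "s3://$BUCKET/probe.txt"
}

case "${1:-}" in
  provision) provision ;;
  verify)    verify ;;
  *)         echo "usage: $0 provision|verify" ;;
esac
```

Run `provision` from an administrative identity on the workstation and `verify` on the instance itself; `verify` fails loudly if a write or delete is refused for any reason other than an IAM `AccessDenied`, which keeps a misspelled bucket name from being mistaken for a working policy. One caveat on scope: AmazonS3ReadOnlyAccess allows `s3:Get*` and `s3:List*` on every bucket in the account, so if the instance should only ever read this one bucket, a customer-managed policy whose `Resource` names that bucket ARN and its objects is the tighter least-privilege choice.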
## Summary

This project demonstrates practical experience with:

- Real-world IAM architecture
- Security-first cloud operations
- EC2-to-S3 least privilege enforcement
- Documentation using GitHub and Markdown