GUIDE

The road ahead will be long and our climb will be steep

S3 Policy on EC2 Having Changes Between ECS and EB

| Comments

We can see the title, and below is the different policy:

EC2 Instance from ECS 
 1{
 2    "Version": "2012-10-17",
 3    "Statement": [
 4        {
 5            "Effect": "Allow",
 6            "Action": [
 7                "s3:Get*",
 8                "s3:List*"
 9            ],
10            "Resource": [
11                "arn:aws:s3:::elasticbeanstalk-*",
12                "arn:aws:s3:::elasticbeanstalk-*/*/system_files/*"
13            ]
14        },
15        {
16            "Effect": "Allow",
17            "Action": [
18                "s3:Put*",
19                "s3:Get*",
20                "s3:List*",
21                "s3:Delete*"
22            ],
23            "Resource": [
24                "arn:aws:s3:::elasticbeanstalk-*",
25                "arn:aws:s3:::elasticbeanstalk-*/*/app_data/*"
26            ]
27        }
28    ]
29}
EC2 Instance from EB 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::elasticbeanstalk-*/*/system_files/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::elasticbeanstalk-*/*/app_data/*"
        }
    ]
}

So if I use EB’s policy on ECS, it must report access denied, I try to find out some documents about this on aws, but failed. But I will continue verifying it.

Comments