I had to go through that process recently and I wanted to share what I had to do to accomplish that.
Prerequisite: a running EC2 instance and an existing S3 bucket.
Install s3fs (S3 file system)
Update the system
sudo yum update
Install dependencies
sudo yum install automake fuse \
fuse-devel gcc-c++ git libcurl-devel \
libxml2-devel make openssl-devel
Download s3fs code from the source
git clone https://github.com/s3fs-fuse/s3fs-fuse.git
Install it
cd s3fs-fuse
./autogen.sh
./configure --prefix=/usr --with-openssl
make
sudo make install
Make sure it is installed properly
which s3fs
This prints the location of the s3fs binary.
IAM policy and role.
We need to create a policy that will give EC2 access to that S3 bucket and then we will assign that policy to a role that will be assigned to our EC2 instance.
Create an IAM policy
This is the JSON of the policy. You can modify it to suit your needs; this particular policy only needs to read, write and delete files in that bucket.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<your_bucket_here>/*",
                "arn:aws:s3:::<your_bucket_here>"
            ]
        }
    ]
}
Save the policy.
Create IAM role
Now we need to create a role based on that policy. Head to roles in IAM and click on "Create".
Select "AWS service" and EC2 under "Use case"
On the next screen select the policy you just created.
Hitting "Next" brings you to the next screen, where you name the role and write its description.
Hit "Create role" and you are done.
Assign that role to your EC2 instance.
NOTE: the location described is as of May 13, 2022; the AWS UI can change.
Go to the EC2 section, select your EC2 instance and, under "Actions" at the top right, select "Security" -> "Modify IAM role".
That leads to another page where you select the role you just created and assign it to your EC2 instance.
Ok, we are done here.
The mounting
Create a mounting point.
It can be a dir anywhere.
Mounting command
s3fs -o iam_role="<your_iam_role>" \
-o url="https://s3.<your_aws_zone>.amazonaws.com" \
-o endpoint=<your_aws_zone> \
-o dbglevel=info \
-o umask=000,uid=1000 \
-o curldbg \
-o allow_other \
-o nonempty \
<s3_bucket_name> <mounting_point>
your_iam_role: the role created and assigned to the EC2 instance.
your_aws_zone: the AWS region your bucket is in. It can be found in the bucket properties. I am in Canada, so mine is ca-central-1.
umask=000: makes the directory writable if the web server needs to put files there.
nonempty: only needed if the directory already has something in it; otherwise skip it.
This worked for me.
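The mount command above gives every local user write access to the bucket (umask=000 together with allow_other) and leaves libcurl debugging on. As an added example, not part of the original post, this script builds the same mount restricted to one service account and refuses a non-empty mount point instead of passing nonempty. The svc_user argument, the function names and the s3.<region> endpoint form are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post: the same s3fs mount, but owned by
# one service account (for example the web server user) instead of umask=000.

# Print the s3fs command, one argument per line (nothing is mounted here).
# Args: bucket mountpoint iam_role region svc_user  (svc_user is an assumption)
build_s3fs_cmd() (
  bucket=$1; mnt=$2; role=$3; region=$4; svc_user=$5
  uid=$(id -u "$svc_user") || exit 1   # fail if the account does not exist
  gid=$(id -g "$svc_user") || exit 1
  # umask=007: owner and group get rwx, every other local user gets nothing.
  # allow_other stays so a mount made by root is reachable by svc_user at all.
  # dbglevel=info and curldbg from the post are debugging aids and are left out.
  printf '%s\n' s3fs "$bucket" "$mnt" \
    -o "iam_role=$role" \
    -o "url=https://s3.$region.amazonaws.com" \
    -o "endpoint=$region" \
    -o "uid=$uid,gid=$gid,umask=007" \
    -o allow_other
)

# True only for an existing, empty directory, so "nonempty" is never needed
# and files already in the directory are not silently hidden by the mount.
mountpoint_is_empty() {
  [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

# Usage: sh s3fs_cmd.sh <bucket> <mountpoint> <iam_role> <region> <svc_user>
if [ "$#" -eq 5 ]; then
  mountpoint_is_empty "$2" || { echo "refusing: $2 missing or not empty" >&2; exit 1; }
  build_s3fs_cmd "$@"
fi
```

Run with five arguments, it prints the command for review; a non-root user can only pass allow_other if user_allow_other is enabled in /etc/fuse.conf.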