Configure AWS CLI on EC2 with IAM Role and Create an S3 Bucket: Secure Guide


Introduction

Amazon EC2 instances are essential in DevOps workflows to run applications and automate infrastructure tasks. One of the most common requirements is enabling your EC2 instance to interact with AWS services like S3, EC2, and CloudWatch.

In this guide, we'll walk through:

  • Securely installing and configuring the AWS CLI on an Ubuntu EC2 instance using an IAM role (recommended)

  • Creating an S3 bucket using the CLI

  • Applying best practices for least-privilege, secure access

Step 1: Launch and Connect to EC2

  1. Launch an EC2 instance (Ubuntu in this example)

  2. Connect via SSH:

ssh -i "your-key.pem" ubuntu@your-ec2-public-ip

Step 2: Install AWS CLI (v2)

Ubuntu 24.04 does not support AWS CLI installation via apt, so we use the official installer.

Download AWS CLI:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

Install unzip (if needed):

sudo apt update
sudo apt install unzip -y

Extract files:

unzip awscliv2.zip

Install AWS CLI:

sudo ./aws/install

Verify installation:

aws --version

Step 3: Configure AWS CLI

You can configure AWS access in two ways:

Option 1: Using an IAM Role (recommended)

Step 1: Create an IAM role. Navigate to IAM, select "Roles," and click "Create Role." Choose "AWS Service," then select "EC2," and proceed to the next step.

Step 2: Click "Add Permission," then select the "S3FullAccess" policy.

Step 3: After creating the role, attach it to the EC2 instance.

Attaching the Role

  1. Open EC2: Go to the AWS Console and find your Instances.

  2. Select Instance: Check the box next to your instance name.

  3. Modify Role: Click Actions → Security → Modify IAM Role.

  4. Save: Pick your s3fullaccess role from the list and hit Update.

Testing it out

To make sure it works, log into your instance (SSH) and type:

aws s3 ls

Success looks like: A list of your S3 buckets appears.

Failure looks like: An "Unable to locate credentials" or "Access Denied" error.

Pro Tip: Using IAM roles for EC2 is significantly more secure than embedding credentials within your application, as AWS automatically manages the rotation of temporary security tokens.

  ✔ No credentials required

  ✔ Most secure approach

  ✔ Used in production environments
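
The full-access policy selected in Step 2 allows every S3 action on every bucket in the account. As an added example (not part of the original post), the function below generates a policy limited to the commands this guide runs against one bucket; the function name, policy name and role placeholder are assumptions.

```shell
# Added example: bucket-scoped IAM policy for the commands used in this guide.
# s3_guide_policy is an illustrative name, not an AWS CLI command.
s3_guide_policy() {
  bucket="$1"
  # Basic S3 naming check: 3-63 chars of a-z, 0-9, dot, hyphen; alphanumeric ends.
  if ! printf '%s\n' "$bucket" |
      LC_ALL=C grep -Eqx '[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]'; then
    echo "invalid bucket name: $bucket" >&2
    return 1
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucketsForAwsS3Ls",
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    },
    {
      "Sid": "CreateListDeleteThisBucket",
      "Effect": "Allow",
      "Action": ["s3:CreateBucket", "s3:ListBucket", "s3:DeleteBucket"],
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "ReadWriteDeleteObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

# Print the policy for the bucket used in this guide.
s3_guide_policy abhigna-s3-bucket1

# To apply it from an admin session (role and policy names are placeholders):
#   s3_guide_policy abhigna-s3-bucket1 > policy.json
#   aws iam put-role-policy --role-name <your-ec2-role> \
#     --policy-name s3-guide-bucket --policy-document file://policy.json
```
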

Option 2: Using Access Keys

  1. Create an IAM user

  2. Generate Access Key and Secret Key

  3. Configure AWS CLI:

aws configure

Enter:

Access Key ID
Secret Access Key
Region (e.g., us-east-1)
Output format (json)

Step 4: Test AWS CLI

List S3 buckets:

aws s3 ls

Step 5: Create an S3 Bucket

Basic command:

aws s3 mb s3://your-unique-bucket-name

Example:

aws s3 mb s3://abhigna-s3-bucket1

Create Bucket in Specific Region

aws s3api create-bucket \
  --bucket abhigna-s3-bucket1 \
  --region eu-north-1 \
  --create-bucket-configuration LocationConstraint=eu-north-1

Upload File to S3

I created a file called testfile.txt and uploaded it to the S3 bucket.

aws s3 cp testfile.txt s3://abhigna-s3-bucket1/

Downloading a File from S3 to the Current Directory

This section shows how to download a file from an S3 bucket into a specific directory on an EC2 instance.

Step 1: Create a Directory

First, create a new directory to organize your project files:

mkdir devproject

Step 2: Navigate to the Directory

Move into the newly created directory:

cd devproject/

Step 3: Download File from S3

Use the AWS CLI command to copy a file from your S3 bucket to the current directory:

aws s3 cp s3://your-bucket-name/testfile.txt .

Understanding the Command

  • aws s3 cp → Copies files between S3 and the local system

  • s3://your-bucket-name/testfile.txt → Source file in S3

  • . → Destination (current directory)

The dot (.) represents the current working directory, meaning the file is downloaded into the directory you are currently in.

Step 4: Verify Download

List the files in the directory:

ls

You should see:

testfile.txt

Key Insight

When you use . in the command, it ensures that:

  • The file is downloaded into the current directory

  • You do not need to specify the full path manually

To remove an S3 bucket and all files inside it:

Delete all files:

aws s3 rm s3://abhigna-s3-bucket1 --recursive

Delete the bucket:

aws s3 rb s3://abhigna-s3-bucket1

You can see that the bucket has been removed.

Best Practices

  • Use IAM roles instead of access keys for EC2

  • Avoid storing credentials on servers

  • Use least privilege policies

  • Rotate credentials regularly
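
The AWS CLI looks for credentials in environment variables and in the files written by aws configure before it falls back to the instance role, so keys left over from Option 2 are used instead of the role. As an added example (not from the original post), this check reports such leftovers without printing the secrets; the function name is an assumption.

```shell
# Added example: find static AWS credentials that override the EC2 instance role.
# find_static_aws_creds is an illustrative name. It prints one finding per line
# and returns 1 if anything was found, 0 if the home directory is clean.
find_static_aws_creds() {
  home_dir="${1:-$HOME}"
  found=0
  # Environment variables are consulted before any file or role.
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
    echo "env: AWS_ACCESS_KEY_ID is set"
    found=1
  fi
  # Files written by `aws configure`; only the file name is reported, never the key.
  for f in "$home_dir/.aws/credentials" "$home_dir/.aws/config"; do
    [ -r "$f" ] || continue
    if grep -Eiq '^[[:space:]]*aws_(access_key_id|secret_access_key)[[:space:]]*=' "$f"; then
      echo "file: $f contains static keys"
      found=1
    fi
  done
  return "$found"
}

# Check the current user; on a role-based instance this should print nothing.
find_static_aws_creds "$HOME" ||
  echo "Static credentials present: remove them and deactivate the keys in IAM."
```
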

Conclusion

You've learned how to install and configure the AWS CLI on an Ubuntu EC2 instance and create an S3 bucket. Prefer using an attached IAM role for secure, short-lived access, verify the CLI with simple commands, and apply S3 best practices to protect your data.

  • Prefer IAM roles over static credentials and follow least-privilege principles.

  • Test the CLI (e.g., aws s3 ls) before running automation.
