Helm s3 plugin for cross account access

0 votes

 am using s3 as helm chart repository. I wanted to access/ manage this chart from two separate ec2 instances in different AWS account. both having different roles attached to it.

I create a bucket in AWS Account A, with below command

aws s3api create-bucket --bucket test15-helm-bucket --region "eu-central-1" --create-bucket-configuration LocationConstraint=eu-central-1

initialise helm chart Repo with below command

helm s3 init s3://test15-helm-bucket/charts
Initialized empty repository at s3://test15-helm-bucket/charts
Mar 15, 2022 in Others by Edureka
• 13,690 points
1,085 views

1 answer to this question.

0 votes

The error notice simply says that READ access to the bucket is refused, yet your API command only says that LIST access was given. Without seeing the associated policy, it is unable to make additional comments on this matter.

You can, however, configure cross-account bucket access instead of specifying the CLI profile on the instance.

To grant access to a role (EC2) in a different account, add a bucket policy to it.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<Account-B-ID>:role/<ec2-role-name>"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::<AccountABucketName>/*"
            ]
        }
    ]
}
To access the bucket in Account-A, add a policy to the EC2 instance's IAM role.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::<AccountABucketName>/*"

        }
    ]
}
Account-B should now be able to read/write to the bucket.
answered Mar 21, 2022 by gaurav
• 23,260 points

Related Questions In Others

0 votes
0 answers

why is x-access-token header used for?

Can anyone explain this? READ MORE

Jun 27, 2019 in Others by shubham
• 7,340 points
966 views
0 votes
1 answer

why is x-access-token header used for?

To understand this we need to understand ...READ MORE

answered Jun 27, 2019 in Others by sunshine
• 1,300 points
18,482 views
0 votes
0 answers

explain what access modifier can be used for method

Sep 10, 2019 in Others by anonymous
476 views
0 votes
1 answer

Best WooCommerce Plugin for B2B eCommerce Website?

Check this out https://woocommerce.com/products/b2b-for-woocommerce/ READ MORE

answered Sep 30, 2020 in Others by anonymous
• 19,610 points
873 views
0 votes
1 answer

AWS S3 uploading hidden files by default

versioning is enabled in your bucket. docs.aws.amazon.com/AmazonS3/latest/user-guide/….... the ...READ MORE

answered Oct 4, 2018 in AWS by Priyaj
• 58,100 points
5,905 views
–1 vote
1 answer

How to decrypt the encrypted S3 file using aws-encryption-cli --decrypt

Use command : aws s3 presign s3://mybucket/abc_count.png you get ...READ MORE

answered Oct 22, 2018 in AWS by Priyaj
• 58,100 points
5,176 views
0 votes
1 answer

Import my AWS credentials using python script

Using AWS Cli  Configure your IAM user then ...READ MORE

answered Nov 16, 2018 in AWS by Jino
• 5,820 points
2,845 views
0 votes
2 answers
0 votes
1 answer

how do i to forward domain.com to www.domain.com at godaddy for s3 hosted site?

Go to GoDaddy.com and enter your username ...READ MORE

answered Mar 10, 2022 in Others by gaurav
• 23,260 points
611 views
0 votes
1 answer

How to automate AWS Elastic Transcoder Jobs for s3 buckets?

This article will walk you through uploading ...READ MORE

answered Mar 24, 2022 in Others by gaurav
• 23,260 points
842 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP