How to Mount an S3 Bucket on an AWS EC2 Instance (With Terraform IAM Role Setup)

Amazon EC2 and S3 are two of the most powerful and widely used AWS services. One common use case is mounting an S3 bucket to an EC2 instance to make the object storage accessible like a local file system.

In this blog, we’ll walk you through how to mount an Amazon S3 bucket to an EC2 instance using s3fs, and how to set up the required IAM Role using Terraform.


✅ Prerequisites

Before we begin, make sure you have the following:

  • An AWS EC2 instance (Ubuntu-based).
  • An S3 bucket already created.
  • Terraform installed and configured with AWS credentials.
  • Permissions to assign IAM roles to EC2 instances.

🔧 Step 1: Install s3fs on the EC2 Instance

To mount an S3 bucket, we need s3fs, a FUSE-based file system backed by Amazon S3.

📦 Install Required Dependencies

sudo apt update
sudo apt install -y automake build-essential libfuse-dev libcurl4-openssl-dev libxml2-dev pkg-config git libssl-dev

📥 Clone and Build s3fs from Source

git clone https://github.com/s3fs-fuse/s3fs-fuse.git
cd s3fs-fuse
./autogen.sh
./configure
make
sudo make install

Step 2: Create a Mount Point for the S3 Bucket

Choose or create a directory where you want to mount the S3 bucket:

mkdir -p /home/ubuntu/s3mount/<bucket-name>

Replace <bucket-name> with the actual name of your S3 bucket.


Step 3: Mount the S3 Bucket Using IAM Role

If your EC2 instance has an IAM role with S3 access (we’ll create this role using Terraform below), run:

sudo s3fs <bucket-name> /home/ubuntu/s3mount/<bucket-name> -o iam_role=auto -o allow_other

  • <bucket-name> should be replaced with your actual S3 bucket name.
  • iam_role=auto allows automatic use of the attached IAM role.
  • allow_other lets other users on the system access the mounted directory. Their access goes through the instance role's credentials, so leave this option out unless other local accounts actually need the mount.

Step 4: Auto-Mount S3 Bucket on Reboot

To ensure the mount persists after reboot, edit the /etc/fstab file:

sudo nano /etc/fstab

Add the following line at the end:

s3fs#<bucket-name> /home/ubuntu/s3mount/<bucket-name> fuse _netdev,iam_role=auto,allow_other 0 0

Save and apply the mount:

sudo mount -a

🌐 Step 5: Create IAM Role with S3 Access Using Terraform

To allow the EC2 instance to access the S3 bucket, attach an IAM role with the necessary permissions. Here’s how to set this up using Terraform:

iam.tf – IAM Role, Policy Attachment, and Instance Profile

resource "aws_iam_role" "s3_access_role_ec2" {
  name = "s3-access-role-ec2"

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Effect = "Allow",
      Principal = {
        Service = "ec2.amazonaws.com"
      },
      Action = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "s3_access_policy_attachment" {
  role       = aws_iam_role.s3_access_role_ec2.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
}

resource "aws_iam_instance_profile" "s3_instance_profile" {
  name = "s3-instance-profile"
  role = aws_iam_role.s3_access_role_ec2.name
}

💻 Step 6: Attach IAM Role to EC2 Using Terraform

Make sure your EC2 instance resource uses the IAM instance profile created above.

ec2.tf – EC2 Instance Configuration

resource "aws_instance" "ec2" {
  for_each = var.ec2_instances

  ami                    = each.value.ami
  instance_type          = each.value.instance_type
  key_name               = aws_key_pair.ec2_key[each.key].key_name
  vpc_security_group_ids = [aws_security_group.ec2_sg[each.key].id]

  # Adding IAM role for S3 access
  iam_instance_profile   = aws_iam_instance_profile.s3_instance_profile.name

  root_block_device {
    volume_size = each.value.volume_size
    volume_type = "gp3"
  }

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  tags = merge(each.value.tags, { Name = each.key })
}

The AmazonS3FullAccess policy attached above gives the role full access: every S3 action on every bucket in the account. To limit the instance to the mounted bucket, use a custom policy with more restricted permissions instead.
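
A custom policy restricted to the one mounted bucket could look like this. It is an added example, not code from the original post; the variable bucket_name, the new resource labels and the action list (what a read-write s3fs mount typically needs) are assumptions.

```hcl
# Added example: bucket-scoped replacement for the AmazonS3FullAccess attachment.
# var.bucket_name and the resource labels below are assumptions, not from the post.
variable "bucket_name" {
  description = "Name of the single S3 bucket that s3fs mounts"
  type        = string
}

resource "aws_iam_policy" "s3fs_bucket_access" {
  name        = "s3fs-bucket-access"
  description = "Access to one bucket for s3fs, instead of AmazonS3FullAccess"

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        # Listing is granted on the bucket ARN itself
        Sid      = "ListMountedBucket",
        Effect   = "Allow",
        Action   = ["s3:ListBucket"],
        Resource = "arn:aws:s3:::${var.bucket_name}"
      },
      {
        # Object reads and writes are granted on keys under the bucket
        Sid    = "ReadWriteObjects",
        Effect = "Allow",
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject",
          "s3:AbortMultipartUpload"
        ],
        Resource = "arn:aws:s3:::${var.bucket_name}/*"
      }
    ]
  })
}

# Use this in place of the attachment that references AmazonS3FullAccess.
resource "aws_iam_role_policy_attachment" "s3fs_bucket_access_attachment" {
  role       = aws_iam_role.s3_access_role_ec2.name
  policy_arn = aws_iam_policy.s3fs_bucket_access.arn
}
```

For a read-only mount, keep only s3:ListBucket and s3:GetObject.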


🧪 Testing the Mount

Once everything is configured:

  1. SSH into the EC2 instance.
  2. Run df -h to confirm the S3 bucket is mounted.
  3. Try listing or creating files in /home/ubuntu/s3mount/<bucket-name>.

🧼 To Unmount the S3 Bucket (Optional)

If you ever need to unmount the S3 bucket:

sudo umount /home/ubuntu/s3mount/<bucket-name>

📌 Final Thoughts

Mounting an S3 bucket on EC2 using s3fs is a flexible and cloud-native way to interact with S3 like a file system. With IAM roles managed via Terraform, the solution becomes scalable and automated.

⚠️ Note: This setup is ideal for use cases like logs, backups, or document storage, not for performance-intensive tasks or database use.


This post is licensed under CC BY 4.0 by the author.