How can I configure access to an S3 bucket for Amazon EC2 Image Builder's S3Download action?

Question

I am using Amazon EC2 Image Builder to create Windows 2022 Server image.

My intention is to run a script to apply some customization steps. The Image Builder provides actions such as S3Download, which seems to suggest that I should be able to download a script and run it while the image is being created.

To achieve that, I have created this Custom Component.

name: DownloadScript
description: Download script from S3
schemaVersion: 1.0

phases:
  - name: build
    steps:
      - name: DownloadPowershellScript
        action: S3Download
        inputs:
          - source: 's3://bucket-name/SetEnvironmentVariables.ps1'
            destination: 'C:\SetEnvironmentVariables.ps1'

All I want to do at this stage is to grab this script from a S3 bucket that exists.

The pipeline fails, and I get the following error in the logs.

S3Download: [ ERROR ] Download error: failed to determine size of incoming S3 object at bucket nimbus3-scripts-2 and key SetEnvironmentVariables.ps1 with error 'operation error S3: HeadObject, https response error StatusCode: 403, RequestID: FK71MQK98KABQ2TH, HostID: CkCGB4S51UqGn8FD+aQq5fmbmN7EMyOaPFgVXAmM5rV48NSsu/KjbMH+5cGlHqSMUNxmtzzMcELgKu/iph2tUA==, api error Forbidden: Forbidden'

How do I configure access to S3 bucket, so that the Image Pipeline can read this file from S3 while creating the image?

Answer 1

You can download the script and then execute it.

From the AWS Documentation:

S3Download

With the S3Download action module, you can download an Amazon S3 object, or a set of objects, to a local file or folder that you specify with the destination path. If any file already exists in the specified location, and the overwrite flag is set to true, S3Download overwrites the file.

name: MyS3DownloadKeyprefix
action: S3Download
maxAttempts: 3
inputs:
    - source: s3://mybucket/path/to/*
      destination: C:\myfolder\
      expectedBucketOwner: 123456789022
      overwrite: false