-
Hi jbeha,
Thank you for your feedback. This is a valid concern worth addressing.
You are correct that storing long-lived IAM credentials in the ~/.aws/credentials file on EC2 instances is not an AWS best practice. Accordingly, the recommended approach is to attach an IAM Role to the EC2 instances via an instance profile. This allows instances to automatically retrieve temporary, rotating credentials through the EC2 Instance Metadata Service (IMDS), removing the need to manage static access keys, which is especially important for Spot Instances that can be interrupted and replaced at any time.
However, the question is diagnostic in nature; it asks why the upload is failing, not how the system should be designed. Since the scenario does not mention an IAM Role being attached to the EC2 instances, the absence or misconfiguration of credentials in the ~/.aws/credentials file is a valid root cause of the failure. The key takeaway is that the proper remediation is to attach the appropriate IAM Role to the EC2 instances, not to populate the credentials file with static keys.
To make this clearer, we have updated the explanation to include guidance on using IAM Roles with instance profiles as the correct and recommended approach when deploying applications on EC2 instances that interact with AWS services such as Amazon S3.
We appreciate you taking the time to raise this. Feedback like yours helps us improve our content.
Best regards,
Irene @ Tutorials Dojo
