Unable to upload file from Elastic Beanstalk to s3 due to access denied

Question

Here is my bucket policy:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::spmgr/*"
        },
        {
            "Sid": "AllowEBSService",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::823510892997:role/service-role/aws-elasticbeanstalk-service-role"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::spmgr",
                "arn:aws:s3:::spmgr/*"
            ]
        }
    ]
}

On attempting to upload file from my elastic beanstalk worker instance, I get Access denied error. (Though note that the same code on my local dev machine is able to successfully upload the file) So how do I fix it?

Answer 1

aws-elasticbeanstalk-service-role is for EB service itself. For your application you have to provide role associated with your Elastic Beanstalk instance profile. You have to check what role your EB instances is using.