> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gorbit.cloud/llms.txt
> Use this file to discover all available pages before exploring further.

# S3 Assume Role

> This method automatically uses the IAM role attached to your EC2 instance to access S3 buckets. No manual credential entry is required.

### Prerequisites

* Ensure your EC2 instance has an IAM role attached.
* Verify the instance profile is properly configured via AWS Console under **EC2 › Instance Settings
  › Attach/Replace IAM role**.

### Updating the Existing IAM Role

Since your EC2 instance already has an IAM role attached, you need to update it with the necessary S3 permissions:

<Steps>
  <Step title="Open role in IAM">
    In AWS Console, go to **IAM › Roles** and find your EC2 instance's existing role.
  </Step>

  <Step title="Attach S3 policy">
    Click on the role and go to the **Permissions** tab. Click **Add permissions › Attach policies**.
    Search for and select **AmazonS3ReadOnlyAccess** policy. Click **Attach policies**.
  </Step>
</Steps>

Alternatively, for more granular control, you can create a custom inline policy:

<Steps>
  <Step title="Create inline policy">
    In the same role's **Permissions** tab, click **Add permissions › Create inline policy**.
    Switch to JSON and add this policy (replace `your-source-bucket-name`):

    ```json theme={null}
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::your-source-bucket-name",
            "arn:aws:s3:::your-source-bucket-name/*"
          ]
        }
      ]
    }
    ```

    Name the policy (e.g., `GorbitS3Access`) and click **Create policy**.
  </Step>
</Steps>

The connector will automatically detect and use the EC2 instance's IAM role for accessing your S3 buckets.

### Credential Entry in Gorbit

When configuring the S3 connector in Gorbit, you'll need to:

<Steps>
  <Step title="Open Assume Role tab">
    Click on the **Assume Role** tab
  </Step>

  <Step title="No credentials required">
    No credentials need to be entered — the connector automatically uses your EC2 instance's attached role.
  </Step>
</Steps>

<img className="rounded-image" src="https://mintlify.s3.us-west-1.amazonaws.com/gorbit/assets/admins/connectors/blob/s3/gorbit-assume-role.png" alt="Screenshot of Gorbit S3 assume role configuration" />

Once you have updated your EC2 instance's role with S3 permissions,
proceed to the [indexing steps in the overview](./overview#indexing) to configure your S3 connector.
