# 4.15 S3 CLI & Regions ## Steps: * Create a new EC2 instance with security group but no roles for now. * Create 3 new S3 buckets. One of them is in London, one is in Sydney, one is in North Virginia. Upload some objects to these three buckets. * Go to IAM and create a new Role. Set the attach policy as AmazonS3FullAccess. * You can not only attach roles to EC2 instance when you create the EC2 instance, but also attach roles when the EC2 instances are running through AWS CLI or AWS console. * For attaching roles to EC2 instance, you can go to Actions -> Instance Settings -> Attach/Replace IAM role. * For now when you run "aws s3 ls" in CLI, it will not ask you the credentials anymore. Because you have attached AmazonS3FullAccess role to this instance. * Copy objects from S3 buckets to local EC2 instance: "aws s3 cp --recursive s3://\[source-bucket-name] \[source-bucket-path]". For example: "aws s3 cp --recursive s3://acloudguru-useast1 /home/ec2-user". Some times you need to provide the region as an argument, for example: "aws s3 cp --recursive s3://acloudguru-euwest2 /home/ec2-user --region eu-west-2". --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ibwpang.gitbook.io/aws-csa/ec2-elastic-computing-cloud/415-s3-cli-and-regions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.