First, we need to create an IAM role for the EC2 instance that hosts the enclave, with access to S3 and KMS (the trust policy below lets the EC2 service assume it):
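#!/usr/bin/env bash
# Create the IAM role that the EC2 instance hosting the enclave will assume,
# then attach one S3 policy and one KMS policy to it.
#
# Environment overrides (all optional; the defaults reproduce the original
# hard-coded values, so running with no variables set behaves as before):
#   ROLE_NAME       name of the IAM role to create
#   S3_POLICY_ARN   policy ARN granting S3 access
#   KMS_POLICY_ARN  policy ARN granting KMS access
#
# Exit status: non-zero on the first failing AWS CLI call. In particular the
# policies are only attached if create-role succeeded; create-role itself
# fails if a role with this name already exists (the script is not
# idempotent).
set -euo pipefail

readonly role_name=${ROLE_NAME:-EC2_S3_KMS_Role}

# Both defaults are AWS managed policies and are broad: AmazonS3ReadOnlyAccess
# covers every bucket in the account, and AWSKeyManagementServicePowerUser
# covers key administration (create/describe/list/alias) on every key. For a
# production enclave, replace them with a customer-managed policy scoped to the
# enclave's bucket and key. Note that this KMS managed policy grants
# administrative actions, not cryptographic use such as kms:Decrypt, which the
# enclave gets from the key policy — check the current policy document, and
# consider a key-policy condition on the enclave's attestation document
# (e.g. kms:RecipientAttestation:PCR0) so only the attested enclave can decrypt.
readonly s3_policy_arn=${S3_POLICY_ARN:-arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess}
readonly kms_policy_arn=${KMS_POLICY_ARN:-arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser}

# Trust policy: only the EC2 service may assume this role. The heredoc
# delimiter is quoted so nothing inside is expanded by the shell.
trust_policy=$(cat <<'EOF'
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
}
EOF
)
readonly trust_policy

aws iam create-role \
  --role-name "$role_name" \
  --assume-role-policy-document "$trust_policy" \
  --description "IAM role for EC2 instances with S3 and KMS access"

# Attach policies to the role. A role is still only usable by an instance
# through an instance profile, which this script does not create.
for policy_arn in "$s3_policy_arn" "$kms_policy_arn"; do
  aws iam attach-role-policy \
    --role-name "$role_name" \
    --policy-arn "$policy_arn"
done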