S3 with EC2 IAM policy

I granted the EC2 instance running Nextcloud access to the created S3 bucket.
Why do I still need to create an IAM user end configure the key/secret in config.php?

what do you exactly mean? do you mean why in the config.php you have to supply the Access Key and Secret Key? if yes, then obviously for anyone to access the S3 bucket, he needs to have permission, that kind of a permission is assigned to access key and secret key.

now, the NextCloud needs this permission so it can upload to S3 bucket and make operations on files, the NextCloud isn’t AWS service, so you can’t grant NextCloud permission directly such as AWS Rekognition service for example, then other way is to give the credentials (access key and secret key) which they have permission to access S3

are you sure that S3 is working fine as your primary storage? meaning are after uploading files through NextCloud Client can you see that the files are stored in S3?

I believe @jvbussel is referring to the EC2 Instance Profile.

I have also set my instances up to have access to the relevant buckets. I’d like to avoid needing to create IAM Users with Access Keys for Nextcloud.

I’m not familiar with the PHP SDK for AWS, but if it’s like the others and if Nextcloud is using it properly, it should fall back to using the instance profile if access keys are absent.