---
title: Cross-account data transfer
tags:
- AWS
link: https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
emoji: 🪣
---
To copy the contents of a bucket in account A (the source) to a bucket in account B (the destination):
1. Create new S3 bucket in account B
2. Create IAM role / user in account B, with access to destination bucket
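3. Add an IAM inline policy to the user in account B, granting access to the source bucket. The `s3:*` action shown below is broader than a copy needs: `s3:ListBucket` on the bucket and `s3:GetObject` on its objects are enough to read the source.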
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::<source_bucket>/*",
"arn:aws:s3:::<source_bucket>"
]
}
]
}
```
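4. Add a bucket policy to the source bucket (in account A) that names the account B user as the principal. Note that `s3:*` also lets that external principal overwrite and delete objects in the source bucket; for a one-way copy, scope the statement to `s3:ListBucket` and `s3:GetObject`.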
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<account_id>:user/<user>"
},
"Action": "s3:*",
"Resource": ["arn:aws:s3:::<source_bucket>/*", "arn:aws:s3:::<source_bucket>"]
}
]
}
```