mirror of
https://github.com/RealOrangeOne/notes.git
synced 2024-11-17 15:29:04 +00:00
Add note about ACLs and ownership when copying between accounts
This commit is contained in:
parent
74ef7d9232
commit
24fc330e64
1 changed files with 13 additions and 2 deletions
@ -5,11 +5,11 @@ tags:
link: https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
---
To copy bucket contents from bucket in account A to bucket in account B:
To copy bucket contents from a bucket in account A to a bucket in account B:
1. Create new S3 bucket in account B
2. Create IAM role / user in account B, with access to destination bucket
3. Add IAM inline policy to user:
3. Add IAM inline policy to the newly-created user:
```json
{
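Review bot: step 3's "the newly-created user" contradicts step 2, which offers "IAM role / user"; the inline policy attaches to whichever principal was created, so either say "role / user" in step 3 as well or commit to one kind of principal in both steps. Separately, every visible step (1, 2, 3) acts in account B only, and an IAM policy in account B cannot by itself grant access to a bucket in account A: the source bucket needs a bucket policy in account A allowing s3:ListBucket and s3:GetObject to the account-B principal (this is what the linked AWS knowledge-center article covers), so consider adding that as its own step before the sync.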
@ -44,3 +44,14 @@ To copy bucket contents from bucket in account A to bucket in account B:
]
}
```
Now, you can run `aws s3 sync` as the account in account B, and access both buckets.
!!! warning
Whilst it might seem counter-intuitive, a **pull**-based transfer is significantly simpler than a **push**-based transfer. Notably, it avoids [issues](https://stackoverflow.com/a/63804619) with ownership issues and ACLs.
These can be solved by overwriting the file's ACLs to enforce the bucket owner owns the file:
```
aws s3 cp --recursive 's3://<destination_bucket>` 's3://<destination_bucket>` --acl bucket-owner-full-control --metadata-directive REPLACE
```
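Review bot: the `aws s3 cp` line in the added code block has mismatched quotes (each path opens with `'` and closes with a backtick), so a shell will not parse it; it should read `aws s3 cp --recursive 's3://<destination_bucket>' 's3://<destination_bucket>' --acl bucket-owner-full-control --metadata-directive REPLACE`. Two caveats belong next to that command: the in-place copy must be run by the account that wrote the objects (the object owner), because until the ACL is changed the bucket owner cannot read them and so cannot copy them; and `--metadata-directive REPLACE` discards any user-defined metadata on the objects unless it is supplied again. The prose also needs tightening: "avoids issues with ownership issues and ACLs" repeats "issues", and "These can be solved" is ambiguous right after a sentence saying a pull avoids them; state explicitly that the fix is for objects that were already pushed from the other account. Finally, setting S3 Object Ownership on the destination bucket to "Bucket owner enforced" (the default for new buckets since 2023) disables ACLs entirely and removes the problem at the source, which is worth mentioning as the preferable fix.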