Add note about cross-account bucket data transfer

2024-06-29 05:46:59 +01:00 · 2021-02-23 16:53:44 +00:00 · 2021-02-23 16:53:44 +00:00 · e4774536a7
commit e4774536a7
parent 2e7c0ded98
1 changed files with 45 additions and 0 deletions
--- a/notes/aws/cross-account-transfer.md
+++ b/notes/aws/cross-account-transfer.md
@ -0,0 +1,45 @@
+---
+title: Cross-account data transfer
+tags:
+  - AWS
+link: https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
+emoji: 🪣
+---
+
+1. Create S3 bucket in account A
+2. Create IAM role / user in account B
+3. Add IAM inline policy to user:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "*",
+            "Resource": "arn:aws:s3:::<bucket>/*"
+
+        }
+    ]
+}
+```
+
+4. Add policy to bucket
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::<account_id>:user/<user>"
+            },
+            "Action": "*",
+            "Resource": [
+                "arn:aws:s3:::<bucket>/*"
+            ]
+        }
+    ]
+}
+```