From e4774536a71ccd6b8de7a21ba032370c5a36a2cb Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Tue, 23 Feb 2021 16:53:44 +0000
Subject: [PATCH] Add note about cross-account bucket data transfer

---
 notes/aws/cross-account-transfer.md | 45 +++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 notes/aws/cross-account-transfer.md

diff --git a/notes/aws/cross-account-transfer.md b/notes/aws/cross-account-transfer.md
new file mode 100644
index 0000000..4212eed
--- /dev/null
+++ b/notes/aws/cross-account-transfer.md
@@ -0,0 +1,45 @@
+---
+title: Cross-account data transfer
+tags:
+  - AWS
+link: https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
+emoji: 🪣
+---
+
+1. Create S3 bucket in account A
+2. Create IAM role / user in account B
+3. Add IAM inline policy to user:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "*",
+            "Resource": "arn:aws:s3:::<bucket>/*"
+
+        }
+    ]
+}
+```
+
+4. Add policy to bucket
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "AWS": "arn:aws:iam::<account_id>:user/<user>"
+            },
+            "Action": "*",
+            "Resource": [
+                "arn:aws:s3:::<bucket>/*"
+            ]
+        }
+    ]
+}
+```