mirror of
https://github.com/RealOrangeOne/notes.git
synced 2024-12-22 23:45:58 +00:00
Add note about cross-account bucket data transfer
parent
2e7c0ded98
commit
e4774536a7
1 changed files with 45 additions and 0 deletions
45
notes/aws/cross-account-transfer.md
Normal file
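--- a/notes/aws/cross-account-transfer.md
+++ b/notes/aws/cross-account-transfer.md
@@ -0,0 +1,45 @@
+---
+title: Cross-account data transfer
+tags:
+- AWS
+link: https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
+emoji: 🪣
+---
+
+1. Create S3 bucket in account A
+2. Create IAM role / user in account B
+3. Add IAM inline policy to user:
+
+```json
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "*",
+"Resource": "arn:aws:s3:::<bucket>/*"
+
+}
+]
+}
+```
+
+4. Add policy to bucket
+
+```json
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": {
+"AWS": "arn:aws:iam::<account_id>:user/<user>"
+},
+"Action": "*",
+"Resource": [
+"arn:aws:s3:::<bucket>/*"
+]
+}
+]
+}
+```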
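Review bot: Both policy documents grant `"Action": "*"` (the inline user policy in step 3 and the bucket policy in step 4), which is far broader than a data transfer needs. In the bucket policy this lets the account B user perform every object-level operation on account A's bucket, including deleting objects and changing their ACLs. Scoping both statements to the operations the transfer actually uses, for example `"Action": ["s3:GetObject", "s3:PutObject"]`, keeps the cross-account grant least-privilege. Separately, both `Resource` values cover only `arn:aws:s3:::<bucket>/*`, so if the transfer tool lists the bucket, `s3:ListBucket` would have to be allowed on `arn:aws:s3:::<bucket>` as its own resource. Step 2 also mentions a role, while the bucket policy principal is written only for `user/<user>`.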