| title | tags | link | emoji |
| --- | --- | --- | --- |
| Cross-account data transfer | AWS | https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/ | 🪣 |

To copy the contents of a bucket in account A to a bucket in account B:

  1. Create new S3 bucket in account B
  2. Create IAM role / user in account B, with access to destination bucket
  3. Add IAM inline policy to user:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<source_bucket>/*",
        "arn:aws:s3:::<source_bucket>"
      ]
    }
  ]
}
```
  4. Add policy to source bucket:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<account_id>:user/<user>"
      },
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::<source_bucket>/*", "arn:aws:s3:::<source_bucket>"]
    }
  ]
}
```
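
Both policies above grant `s3:*` on the source bucket, which also allows deleting objects and rewriting the bucket policy. The following added example (not part of the original note) builds a read-only variant of the step 3 and step 4 policies and flags wildcard actions. It assumes the copy only needs `s3:ListBucket` and `s3:GetObject` on the source; the bucket name, account ID and user are constructed placeholders.

```python
import json

# Actions a one-way copy needs on the source: list the bucket, read its objects.
SOURCE_BUCKET_ACTIONS = ["s3:ListBucket"]
SOURCE_OBJECT_ACTIONS = ["s3:GetObject"]


def _read_statements(bucket):
    """Bucket-level and object-level statements, split by resource type."""
    return [
        {"Effect": "Allow", "Action": SOURCE_BUCKET_ACTIONS,
         "Resource": f"arn:aws:s3:::{bucket}"},
        {"Effect": "Allow", "Action": SOURCE_OBJECT_ACTIONS,
         "Resource": f"arn:aws:s3:::{bucket}/*"},
    ]


def identity_policy(source_bucket):
    """Inline policy for the account B user (step 3), read-only on the source."""
    return {"Version": "2012-10-17", "Statement": _read_statements(source_bucket)}


def source_bucket_policy(source_bucket, principal_arn):
    """Policy for the source bucket (step 4): same actions, one named principal."""
    statements = _read_statements(source_bucket)
    for statement in statements:
        statement["Principal"] = {"AWS": principal_arn}
    return {"Version": "2012-10-17", "Statement": statements}


def wildcard_actions(policy):
    """Return Allow actions containing '*', such as the s3:* used in the note."""
    found = []
    for statement in policy["Statement"]:
        actions = statement.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if statement.get("Effect") == "Allow":
            found += [a for a in actions if "*" in a]
    return found


if __name__ == "__main__":
    # Constructed placeholder values, not real resources.
    arn = "arn:aws:iam::111122223333:user/copy-user"
    print(json.dumps(identity_policy("example-source"), indent=2))
    print(json.dumps(source_bucket_policy("example-source", arn), indent=2))
```

Objects encrypted with a customer-managed KMS key would additionally need decrypt permission on that key, which this example does not cover.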