
tf-s3-crossaccount-access's Introduction

Copy S3 Bucket Objects Across AWS Accounts

You can copy AWS S3 objects from one AWS account to another by using the S3 COPY operation. You must grant the destination AWS account access to the source AWS account's resources by using Amazon S3 Access Control Lists (ACLs) or bucket policies.

Step 1: Get the 12 digit number of the Destination AWS Account

  • Sign in to the AWS Management Console for the destination AWS account.
  • In the navigation bar, click Support, and then click Support Center. The account number (for example, 222222222222) is displayed in the upper-right corner of the Support Center.

Step 2: Attach the policy to Source S3 Bucket

Set up this bucket policy in the source AWS account. Do NOT forget to change the account number and bucket name in the policy below; otherwise it will not work.

For help on setting the ACL check here
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {"AWS": "222222222222"},
            "Action": ["s3:ListBucket","s3:GetObject"],
            "Resource": [
                "arn:aws:s3:::YOUR-SOURCE-BUCKET-NAME-HERE/*",
                "arn:aws:s3:::YOUR-SOURCE-BUCKET-NAME-HERE"
            ]
        }
    ]
}

Step 3: Attach a policy to an IAM User in the destination AWS account

Set up an IAM user in the destination account and attach this user policy to delegate access to the bucket in the source AWS account.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-SOURCE-BUCKET-NAME-HERE",
                "arn:aws:s3:::YOUR-SOURCE-BUCKET-NAME-HERE/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-DESTINATION-BUCKET-NAME-HERE",
                "arn:aws:s3:::YOUR-DESTINATION-BUCKET-NAME-HERE/*"
            ]
        }
    ]
}

Step 4: Sync S3 Objects To Destination

When the above steps are completed, the "destination" account can copy objects by using the AWS Command Line Interface (CLI) commands cp or sync. Note: Successful execution of the following command assumes that the AWS CLI has been correctly configured for the IAM user (from Step 3) in the destination AWS account.

aws s3 sync s3://YOUR-SOURCE-BUCKET-NAME-HERE s3://YOUR-DESTINATION-BUCKET-NAME-HERE --source-region SOURCE-REGION-NAME --region DESTINATION-REGION-NAME

# For Example,
aws s3 sync s3://my-us-west-2-bucket s3://my-us-east-1-bucket --source-region us-west-2 --region us-east-1
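
A pre-deployment check for the Step 2 bucket policy, as an added example that is not part of the original repository: it flags a wildcard or unexpected principal, actions beyond the two read actions, leftover placeholder resources, and a missing bucket or object ARN. The function name `lint_bucket_policy` and both sample policies are constructed for illustration; the account number and bucket name are the page's own example values.

```python
import re

READ_ONLY = {"s3:ListBucket", "s3:GetObject"}  # the only actions Step 2 grants

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_bucket_policy(policy, account_id, bucket):
    """Return findings for the Step 2 cross-account read-only bucket policy."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/*"
    findings = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal", {})
        # Principal is either the string "*" or a map such as {"AWS": ...}.
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            # Accept a bare account ID or an IAM ARN inside that account.
            m = re.search(r"(?:^|::)(\d{12})(?::|$)", p)
            if p == "*":
                findings.append(f"{sid}: wildcard principal")
            elif not m or m.group(1) != account_id:
                findings.append(f"{sid}: unexpected principal {p}")
        actions = set(as_list(st.get("Action", [])))
        resources = set(as_list(st.get("Resource", [])))
        for a in sorted(actions - READ_ONLY):
            findings.append(f"{sid}: action beyond read-only: {a}")
        for r in sorted(resources - {bucket_arn, object_arn}):
            findings.append(f"{sid}: resource outside {bucket}: {r}")
        # ListBucket is a bucket-level action; GetObject is object-level.
        if "s3:ListBucket" in actions and bucket_arn not in resources:
            findings.append(f"{sid}: s3:ListBucket needs {bucket_arn}")
        if "s3:GetObject" in actions and object_arn not in resources:
            findings.append(f"{sid}: s3:GetObject needs {object_arn}")
    return findings

# Constructed samples: the Step 2 policy filled in, and a mis-edited copy.
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DelegateS3Access", "Effect": "Allow",
    "Principal": {"AWS": "222222222222"},
    "Action": ["s3:ListBucket", "s3:GetObject"],
    "Resource": ["arn:aws:s3:::my-us-west-2-bucket/*",
                 "arn:aws:s3:::my-us-west-2-bucket"]}]}
BAD = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DelegateS3Access", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::YOUR-SOURCE-BUCKET-NAME-HERE/*"]}]}
```

Calling `lint_bucket_policy(BAD, "222222222222", "my-us-west-2-bucket")` returns five findings, while the filled-in Step 2 policy returns an empty list.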
