How to copy S3 objects between AWS accounts

In your source account, create a customer-managed policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::source-EXAMPLE-BUCKET",
        "arn:aws:s3:::source-EXAMPLE-BUCKET/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::destination-EXAMPLE-BUCKET",
        "arn:aws:s3:::destination-EXAMPLE-BUCKET/*"
      ]
    }
  ]
}

In your destination bucket, update the bucket policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::1234567890:user/Andrew"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::destination-EXAMPLE-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::1234567890:user/Andrew"
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::destination-EXAMPLE-BUCKET"
    }
  ]
}

Testing the S3 copy between accounts:

aws s3 cp s3://source-EXAMPLE-BUCKET/object.txt s3://destination-EXAMPLE-BUCKET/object.txt --acl bucket-owner-full-control
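Before applying the two policies, an offline check can confirm they agree with each other. The script below is an added example, not code from the original post: it verifies that the identity policy grants `s3:PutObject` and `s3:PutObjectAcl` on the destination objects, that every `s3:PutObject` grant in the bucket policy carries the `bucket-owner-full-control` condition, and that no bucket statement is open to any principal. The function names and the sample key `object.txt` are assumptions made for illustration; the policy values are the ones shown above.

```python
from fnmatch import fnmatchcase

DEST = "destination-EXAMPLE-BUCKET"
USER = "arn:aws:iam::1234567890:user/Andrew"
# Destination half of the page's identity policy, and its bucket policy.
IDENTITY = {"Statement": [{"Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl"],
    "Resource": [f"arn:aws:s3:::{DEST}", f"arn:aws:s3:::{DEST}/*"]}]}
BUCKET = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER}, "Action": "s3:PutObject",
     "Resource": f"arn:aws:s3:::{DEST}/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    {"Effect": "Allow", "Principal": {"AWS": USER}, "Action": "s3:ListBucket",
     "Resource": f"arn:aws:s3:::{DEST}"}]}

def as_list(value):
    # IAM accepts a single value wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def allows(stmt, action, resource):
    # True if an Allow statement covers the action on the resource ('*' wildcards honoured).
    if stmt.get("Effect") != "Allow":
        return False
    return (any(fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt.get("Action", [])))
            and any(fnmatchcase(resource, r) for r in as_list(stmt.get("Resource", []))))

def requires_owner_acl(stmt):
    # True if the grant applies only to uploads sent with bucket-owner-full-control.
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    return any(k.lower() == "s3:x-amz-acl" and as_list(v) == ["bucket-owner-full-control"]
               for k, v in cond.items())

def check_copy_policies(identity, bucket_policy, dest_bucket, key="object.txt"):
    # Returns a list of findings; an empty list means the two policies agree.
    findings, obj = [], f"arn:aws:s3:::{dest_bucket}/{key}"
    for action in ("s3:PutObject", "s3:PutObjectAcl"):
        if not any(allows(s, action, obj) for s in as_list(identity["Statement"])):
            findings.append(f"identity policy lacks {action} on {obj}")
    for i, s in enumerate(as_list(bucket_policy["Statement"])):
        who = s.get("Principal")
        if who == "*" or (isinstance(who, dict) and "*" in as_list(who.get("AWS", []))):
            findings.append(f"bucket statement {i}: open to any principal")
        if allows(s, "s3:PutObject", obj) and not requires_owner_acl(s):
            findings.append(f"bucket statement {i}: PutObject without ACL condition")
    return findings

if __name__ == "__main__":
    print(check_copy_policies(IDENTITY, BUCKET, DEST) or "policies are consistent")
```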