<\/h4>\n\n\n\n
- You would need access to both the AWS accounts<\/li>
- You need IAM user access on the destination<\/li>
- AWS account number of the destination.<\/li>
- You need to have the AWS CLI configured on your machine with the IAM user that you created\/used from earlier step.<\/li><\/ol>\n\n\n\n
Get AWS Account number<\/h4>\n\n\n\n
- Login to the destination AWS account<\/li>
- Go to My Account page and copy the Account ID<\/li><\/ol>\n\n\n\n
![\"\"](\"https:\/\/techsatwork.com\/blog\/wp-content\/uploads\/2019\/05\/image.png\")
<\/figure>\n\n\n\nSet S3 policy on source account<\/h4>\n\n\n\n
- Login to the source AWS account<\/li>
- Go to the S3 bucket<\/li>
- Create the following policy to the bucket<\/li><\/ol>\n\n\n\n
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “DelegateS3Access”,
“Effect”: “Allow”,
“Principal”: {
“AWS”: “arn:aws:iam::DESTINATION_BUCKET_ACCOUNT_NUMBER<\/strong>:root”
},
“Action”: [
“s3:ListBucket”,
“s3:GetObject”
],
“Resource”: [
“arn:aws:s3:::SOURCE_BUCKET_NAME<\/strong>\/*”,
“arn:aws:s3:::SOURCE_BUCKET_NAME<\/strong>“
]
}
]
}<\/p>\n\n\n\nReplace DESTINATION_BUCKET_ACCOUNT_NUMBER<\/strong> with the account ID that you copied earlier. Replace the SOURCE_BUCKET_NAME<\/strong> with the actual bucket name.<\/p>\n\n\n\n
Attach policy on the destination account<\/h4>\n\n\n\n
- Login to the destination AWS account<\/li>
- Go to my security credentials<\/li>
- Select policies <\/li>
- Add the following as the new policy for the IAM user<\/li><\/ol>\n\n\n\n
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“s3:ListBucket”,
“s3:GetObject”
],
“Resource”: [
“arn:aws:s3:::SOURCE_BUCKET_NAME<\/strong>“,
“arn:aws:s3:::SOURCE_BUCKET_NAME<\/strong>\/” <\/em>
]<\/em>
}, <\/em>
{ <\/em>
“Effect”: “Allow”,<\/em>
“Action”: [<\/em>
“s3:ListBucket”,<\/em>
“s3:PutObject”,<\/em>
“s3:PutObjectAcl”<\/em>
],<\/em>
“Resource”: [<\/em>
“arn:aws:s3:::<\/em>DESTINATION_BUCKET_NAME<\/strong>“,<\/em>
“arn:aws:s3:::<\/em>DESTINATION_BUCKET_NAME<\/strong>\/<\/strong><\/em>“
]
}
]
}<\/p>\n\n\n\nReplace DESTINATION_BUCKET_NAME <\/strong> with the actual bucket name of the destination. Replace the SOURCE_BUCKET_NAME<\/strong> with the actual source bucket name.<\/p>\n\n\n\n
Sync the S3 from AWS CLI<\/h4>\n\n\n\n
Using AWS CLI on your computer issue the following command after replacing the BUCKET_NAME with the appropriate actual names.
Its important to use destination AWS IAM user account credentials.<\/p>\n\n\n\naws s3 sync s3:\/\/SOURCE-BUCKET-NAME s3:\/\/DESTINATION-BUCKET-NAME –source-region SOURCE-REGION-NAME –region DESTINATION-REGION-NAME<\/p>\n\n\n\n
This would sync the S3 buckets. As usual use due diligence before using this on your production system.<\/p>\n","protected":false},"excerpt":{"rendered":"
This will show you how to copy objects between S3 buckets across different AWS Accounts. Its not an easy drag and drop. Not sure why Amazon doesn’t provide an easy “SFTP” like feature. Here are the steps: Prerequisites You would need access to both the AWS accounts You need IAM user access on the destination […]<\/p>\n","protected":false},"author":1,"featured_media":1602,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[961,358,1,962],"tags":[686,960],"class_list":["post-1599","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","category-how-to","category-misc","category-s3","tag-aws","tag-s3"],"_links":{"self":[{"href":"https:\/\/techsatwork.com\/index.php?rest_route=\/wp\/v2\/posts\/1599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techsatwork.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techsatwork.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techsatwork.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/techsatwork.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1599"}],"version-history":[{"count":10,"href":"https:\/\/techsatwork.com\/index.php?rest_route=\/wp\/v2\/posts\/1599\/revisions"}],"predecessor-version":[{"id":1613,"href":"https:\/\/techsatwork.com\/index.php?rest_route=\/wp\/v2\/posts\/1599\/revisions\/1613"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techsatwork.com\/index.php?rest_route=\/wp\/v2\/media\/1602"}],"wp:attachment":[{"href":"https:\/\/techsatwork.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techsatwork.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techsatwork.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}