Use Case : Cross Account S3 Bucket Sync
Scenario : You will be in a situation where
- You don't have access to source AWS Account
- You have access only destination AWS Account
- You wanted to sync/copy files from source AWS Account to destination AWS Account
AWS Account details
1.Source_AWS_Account : 11112222
S3 Bucket Name : Source-Bucket-Name
KMS key attached to S3 Bucket
- Add the destination ec2 instance profile role in kms policy
2.Destination_AWS_Account : 22223333
Destination S3 Bucket Name : Destination-Bucket-Name
1.Attach the policy to Source S3 bucket
{
"Sid": "CrossAccountSyncAccess",
"Effect": "Allow",
"Principal": {"AWS": "Destination_AWS_Account"},
"Action" : [ "s3:ListBucket","s3:GetObject"],
"Resource" :[
"arn:aws:s3:::Source-Bucket-Name/*",
"arn:aws:s3:::Source-Bucket-Name"
]
}
2.Attach the below iam policy for destination account - EC2 Instance profile role
{
"Sid": "CrossAccountSyncAccess_Source",
"Effect": "Allow",
"Action" : [ "s3:ListBucket","s3:GetObject"],
"Resource" :[
"arn:aws:s3:::Source-Bucket-Name/*",
"arn:aws:s3:::Source-Bucket-Name"
]
},
{
"Sid": "CrossAccountSyncAccess_Destination",
"Effect": "Allow",
"Action" : [ "s3:ListBucket","s3:PutObject","s3:PutObjectAcl"],
"Resource" :[
"arn:aws:s3:::Destination-Bucket-Name/*",
"arn:aws:s3:::Destination-Bucket-Name"
]
}
3.Run the below command
aws s3 sync s3://Source-BucketName s3://Destination-BucketName
Conclusion : Process for S3 Sync cross aws accounts.
💬 If you enjoyed reading this blog post and found it informative, please take a moment to share your thoughts by leaving a review and liking it 😀 and follow me in dev.to , linkedin
Top comments (0)