How to copy S3 objects from one AWS account to another

This article explains the steps to copy S3 objects from one AWS account to another.

Step1: Log in to the source AWS console.

Step2: Navigate to the IAM management page.

Step3: Create a new policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::SOURCE-BUCKET",
                "arn:aws:s3:::SOURCE-BUCKET/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::DESTINATION-BUCKET",
                "arn:aws:s3:::DESTINATION-BUCKET/*"
            ]
        }
    ]
}

Where SOURCE-BUCKET needs to be replaced with the name of the source bucket and DESTINATION-BUCKET with the name of the destination bucket.

Step4: Attach the newly created policy to the required IAM user.

Step5: Log in to the destination AWS console.

Step6: Navigate to the IAM management page.

Step7: Create a new policy.

{
    "Version": "2012-10-17",
    "Id": "Policy1611277539797",
    "Statement": [
        {
            "Sid": "Stmt1611277535086",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT-ID:user/USER"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::DESTINATION-BUCKET/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        },
        {
            "Sid": "Stmt1611277877767",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT-ID:user/USER"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::DESTINATION-BUCKET"
        }
    ]
}

Where ACCOUNT-ID needs to be replaced with the ID of the source AWS account, USER with the IAM user in the source AWS account and DESTINATION-BUCKET with the name of the destination bucket.

Step8: Now the objects can be copied using the AWS CLI.

#aws s3 cp s3://SOURCE-BUCKET/OBJECT s3://DESTINATION-BUCKET/OBJECT --acl bucket-owner-full-control

Where SOURCE-BUCKET needs to be replaced with the name of the source bucket, DESTINATION-BUCKET with the name of the destination bucket and OBJECT with the name of the S3 object.
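
The following Python sketch is an added example, not part of the original article: it runs a simplified, Allow-only evaluation of the two policies above to show why the Step8 command carries --acl bucket-owner-full-control. The account ID, user name, bucket names and object key are constructed placeholders, and the evaluator handles only the elements these two policies use, not the full IAM evaluation logic.

```python
from fnmatch import fnmatchcase

# Constructed placeholders standing in for ACCOUNT-ID, USER and the bucket names.
USER = "arn:aws:iam::111122223333:user/copy-user"
SRC, DST = "src-bucket", "dst-bucket"

# Step3 policy, attached to the IAM user in the source account.
IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": [f"arn:aws:s3:::{SRC}", f"arn:aws:s3:::{SRC}/*"]},
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": [f"arn:aws:s3:::{DST}", f"arn:aws:s3:::{DST}/*"]},
]}

# Step7 policy, which names the source-account user as Principal.
BUCKET_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER}, "Action": "s3:PutObject",
     "Resource": f"arn:aws:s3:::{DST}/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    {"Effect": "Allow", "Principal": {"AWS": USER}, "Action": "s3:ListBucket",
     "Resource": f"arn:aws:s3:::{DST}"},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, principal, action, resource, context):
    """True if any Allow statement matches (no Deny, NotAction or other operators)."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or action not in as_list(st["Action"]):
            continue
        if not any(fnmatchcase(resource, r) for r in as_list(st["Resource"])):
            continue
        if "Principal" in st and principal not in as_list(st["Principal"]["AWS"]):
            continue
        wanted = st.get("Condition", {}).get("StringEquals", {})
        if all(context.get(k) == v for k, v in wanted.items()):
            return True
    return False

def cross_account_put(key, acl=None):
    """A cross-account upload needs an Allow from BOTH policies."""
    ctx = {"s3:x-amz-acl": acl} if acl else {}
    args = (USER, "s3:PutObject", f"arn:aws:s3:::{DST}/{key}", ctx)
    return allows(IDENTITY_POLICY, *args) and allows(BUCKET_POLICY, *args)

if __name__ == "__main__":
    for acl in ("bucket-owner-full-control", None, "public-read"):
        print(f"--acl {acl}: allowed={cross_account_put('report.csv', acl)}")
```

Only the request that sends the bucket-owner-full-control ACL is allowed; a copy without --acl, or with any other canned ACL, gets no Allow from the destination policy's Condition and is refused.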

That's all…