How to copy S3 objects from one AWS account to another
This article explains the steps to copy S3 objects from one AWS account to another.
Step1: Login to source AWS console.
Step2: Navigate to the IAM management page.
Step3: Create a new policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::SOURCE-BUCKET",
"arn:aws:s3:::SOURCE-BUCKET/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::DESTINATION-BUCKET",
"arn:aws:s3:::DESTINATION-BUCKET/*"
]
}
]
}Where SOURCE-BUCKET need to be replaced with the name of the source bucket.
Step4: Attach the newly created policy to the required IAM user.
Step5: Login to destination AWS console.
Step6: Navigate to the IAM management page.
Stepy7: Create a new policy.
{
"Version": "2012-10-17",
"Id": "Policy1611277539797",
"Statement": [
{
"Sid": "Stmt1611277535086",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNT-ID:user/USER"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::DESTINATION-BUCKET/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Sid": "Stmt1611277877767",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ACCOUNT-ID:user/USER"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::DESTINATION-BUCKET"
}
]
}Where ACCOUNT-ID need to be replaces with the id of source AWS account, USER with the IAM user in the source AWS account and DESTINATION-BUCKET with the name of the destination bucket.
Step8: Now the objects can be copied using aws cli.
#aws s3 cp s3://SOURCE-BUCKET/OBJECT s3://DESTINATION-BUCKET/OBJECT --acl bucket-owner-full-controlWhere SOURCE-BUCKET need to be replaced with the name of the source bucket, DESTINATION-BUCKET with the name of the destination bucket and OBJECT with the name of the S3 object.
That's all…