TECHIES WORLD

For Techs.... Techniques.... Technologies....


How to copy S3 objects from one AWS account to another

This article explains the steps to copy S3 objects from one AWS account to another.

Step 1: Log in to the source AWS console.

Step 2: Navigate to the IAM management page.

Step 3: Create a new policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::SOURCE-BUCKET",
                "arn:aws:s3:::SOURCE-BUCKET/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::DESTINATION-BUCKET",
                "arn:aws:s3:::DESTINATION-BUCKET/*"
            ]
        }
    ]
}

Here SOURCE-BUCKET needs to be replaced with the name of the source bucket and DESTINATION-BUCKET with the name of the destination bucket.

Step 4: Attach the newly created policy to the required IAM user.

Step 5: Log in to the destination AWS console.

Step 6: Navigate to the IAM management page.

Step 7: Create a new policy.

{
    "Version": "2012-10-17",
    "Id": "Policy1611277539797",
    "Statement": [
        {
            "Sid": "Stmt1611277535086",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT-ID:user/USER"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::DESTINATION-BUCKET/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        },
        {
            "Sid": "Stmt1611277877767",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::ACCOUNT-ID:user/USER"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::DESTINATION-BUCKET"
        }
    ]
}

Here ACCOUNT-ID needs to be replaced with the ID of the source AWS account, USER with the IAM user in the source AWS account, and DESTINATION-BUCKET with the name of the destination bucket.

Step 8: The objects can now be copied using the AWS CLI.

aws s3 cp s3://SOURCE-BUCKET/OBJECT s3://DESTINATION-BUCKET/OBJECT --acl bucket-owner-full-control

Here SOURCE-BUCKET needs to be replaced with the name of the source bucket, DESTINATION-BUCKET with the name of the destination bucket, and OBJECT with the name of the S3 object.
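The --acl flag in step 8 is required because the step 7 policy allows s3:PutObject only when the request carries the bucket-owner-full-control ACL. The following is an added example, not part of the original article: it models only the Allow and StringEquals matching of that policy against constructed requests. The account ID, user name and bucket name are placeholders, and real AWS evaluation also takes explicit denies and the caller's own IAM policy into account.

```python
import fnmatch

# Step 7 policy with constructed placeholder values (not real identifiers).
USER_ARN = "arn:aws:iam::111122223333:user/copy-user"
BUCKET = "arn:aws:s3:::example-destination"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": USER_ARN},
         "Action": "s3:PutObject", "Resource": BUCKET + "/*",
         "Condition": {"StringEquals":
                       {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        {"Effect": "Allow", "Principal": {"AWS": USER_ARN},
         "Action": "s3:ListBucket", "Resource": BUCKET},
    ],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def statement_allows(stmt, principal, action, resource, context):
    """True if one Allow statement matches the request (simplified model)."""
    if stmt.get("Effect") != "Allow":
        return False
    if principal not in as_list(stmt["Principal"]["AWS"]):
        return False
    if action not in as_list(stmt["Action"]):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
        return False
    # Each StringEquals key must be present in the request with a listed value.
    for key, wanted in stmt.get("Condition", {}).get("StringEquals", {}).items():
        if context.get(key) not in as_list(wanted):
            return False
    return True

def is_allowed(policy, principal, action, resource, context=None):
    """No matching Allow statement means the request is implicitly denied."""
    return any(statement_allows(s, principal, action, resource, context or {})
               for s in policy["Statement"])

if __name__ == "__main__":
    obj = BUCKET + "/report.csv"  # constructed object key
    acl = {"s3:x-amz-acl": "bucket-owner-full-control"}
    print("put with --acl:   ", is_allowed(POLICY, USER_ARN, "s3:PutObject", obj, acl))
    print("put without --acl:", is_allowed(POLICY, USER_ARN, "s3:PutObject", obj))
    print("list bucket:      ", is_allowed(POLICY, USER_ARN, "s3:ListBucket", BUCKET))
```

A copy issued without the ACL matches no Allow statement, so the destination bucket rejects it instead of storing an object the bucket owner cannot control.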

That's all…