Use Case : Cross Account S3 Bucket Sync
Scenario : You will be in a situation where
- You don't have access to source AWS Account
- You have access only destination AWS Account
- You wanted to sync/copy files from source AWS Account to destination AWS Account
AWS Account details
1.Source_AWS_Account : 11112222
S3 Bucket Name : Source-Bucket-Name
KMS key attached to S3 Bucket
- Add the destination ec2 instance profile role in kms policy
2.Destination_AWS_Account : 22223333
Destination S3 Bucket Name : Destination-Bucket-Name
1.Attach the policy to Source S3 bucket
{ "Sid": "CrossAccountSyncAccess", "Effect": "Allow", "Principal": {"AWS": "Destination_AWS_Account"}, "Action" : [ "s3:ListBucket","s3:GetObject"], "Resource" :[ "arn:aws:s3:::Source-Bucket-Name/*", "arn:aws:s3:::Source-Bucket-Name" ] } 2.Attach the below iam policy for destination account - EC2 Instance profile role
{ "Sid": "CrossAccountSyncAccess_Source", "Effect": "Allow", "Action" : [ "s3:ListBucket","s3:GetObject"], "Resource" :[ "arn:aws:s3:::Source-Bucket-Name/*", "arn:aws:s3:::Source-Bucket-Name" ] }, { "Sid": "CrossAccountSyncAccess_Destination", "Effect": "Allow", "Action" : [ "s3:ListBucket","s3:PutObject","s3:PutObjectAcl"], "Resource" :[ "arn:aws:s3:::Destination-Bucket-Name/*", "arn:aws:s3:::Destination-Bucket-Name" ] } 3.Run the below command
aws s3 sync s3://Source-BucketName s3://Destination-BucketName Conclusion : Process for S3 Sync cross aws accounts.
💬 If you enjoyed reading this blog post and found it informative, please take a moment to share your thoughts by leaving a review and liking it 😀 and follow me in dev.to , linkedin
Top comments (0)