Skip to main content

How can I copy S3 objects from another AWS account?

Step 1: Get the 12 digit number of the Destination AWS Account

  • Sign in to the AWS Management Console for the destination AWS account.
  • In the navigation bar, click Support, and then click Support Center. The account number (for example, 222222222222) is displayed in the upper-right corner of the Support Center.

Step 2: Attach the policy to Source S3 Bucket

The Bucket policy set up in the source AWS account. Do NOT forget to change the account number and bucket name in the below policy, otherwise, it will not work
For help on setting the ACL check here
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {"AWS": "057682336657"},
            "Action": ["s3:ListBucket","s3:GetObject"],
            "Resource": [
                "arn:aws:s3:::cdn.example.in/*",
                "arn:aws:s3:::cdn.example.in"
            ]
        }
    ]
}









Step 3: Attach a policy to a IAM User in the destination AWS account





Setup an IAM User in the destination account and attach this user policy to to delegate access to the bucket in the source AWS account.



In simple words. We have to paste this policy by replacing the source bucket name and destination bucket name to IAM - > Policies (from Left Side) then click on Create Policy then choose "JSON" formate and past this policy.



Now go to Users and create a user and attach this policy to this user by search from policies. Once we attach then download the creditionals. Now login to your desitnation account and setup aws configure setting as follow





[ec2-user@ip-172-31-33-118 ~]$ aws s3 ls s3://cdn.example.in



Unable to locate credentials. You can configure credentials by running "aws configure".



[ec2-user@ip-172-31-33-118 ~]$ aws configure 



AWS Access Key ID [None]: AKIAQ23RKWSDFHQ5FR73V72



AWS Secret Access Key [None]: zQ3YThtA9TYo32vVSDFEBfTsCCevydScUbfQQUN



Default region name [None]: 



Default output format [None]: 



[ec2-user@ip-172-31-33-118 ~]$ aws s3 ls s3://cdn.example.in
















[ec2-user@ip-172-31-33-118 ~]$ aws s3 sync s3://cdn.example.in s3://cdn.example2.in






{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-SOURCE-BUCKET-NAME-HERE",
                "arn:aws:s3:::YOUR-SOURCE-BUCKET-NAME-HERE/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-DESTINATION-BUCKET-NAME-HERE",
                "arn:aws:s3:::YOUR-DESTINATION-BUCKET-NAME-HERE/*"
            ]
        }
    ]
}























Step 4: Sync S3 Objects To Destination





When the abovee steps are completed, the "destination" account can copy objects by using the AWS Command Line Interface (CLI) commands cp or syncNote: Successful execution of the following command assumes that the AWS CLI has been correctly configured for the IAM user(in step 3) in the destination AWS account.






aws s3 sync s3://YOUR-SOURCE-BUCKET-NAME-HERE s3://YOUR-DESTINATION-BUCKET-NAME-HERE --source-region SOURCE-REGION-NAME --region DESTINATION-REGION-NAME

# For Example,
aws s3 sync s3://my-us-west-2-bucket s3://my-us-east-1-bucket --source-region us-west-2 --region us-east-1







Reference Sites :

https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-s3/



Video Reference - https://www.youtube.com/watch?v=YOhFXGfqiUw#action=share



















































































































Comments









  1. browse recommended websites here6 February 2020 at 15:50
    I have read this post for about three times and I still can not understand the actions in the fourth step. Can anybody, who knows, explain me?
    ReplyDelete











Post a Comment



















Popular posts from this blog





















How do I change the time zone of my Amazon RDS database instance?




























 As we know bydefault time in the format of UTC in mysql.We can set local time zone to our AWS RDS Instance for our application. or any other time zone prefared   Cloud Based Website Hosting Service Provider    Steps 1: Go to Services and Select RDS       Now to change time zone we have to change "Parameter Group" in left side that is associated with DB instance      first we can check default Parameter Group for our instance is  Parameter group      default.mysql5.7  ( in-sync )     like this. So we have to change the time zone in this Parameter Group.    now open that parameter group (default.mysql5.7)          and click on edit parameter.       then search for time_zone (because we want to change it.) then we have to change time_zone only by default it is engine-default (that is utc)  we have to select Asia/Calcutta.              More information we can ref.      https://aws.amazon.com/premiumsupport/knowledge-center/rds-change-time-zone/      




















1 comment









Read more




























Changing the Time Zone on Amazon Linux Ec2 Instance




























  Amazon Linux instances are set to the UTC (Coordinated Universal Time) time zone by default, but you may wish to change the time on an instance to the local time or to another time zone in your network.    Important    These procedures are intended for use with Amazon Linux. For more information about other distributions, see their specific documentation.      To change the time zone on an instance    Identify the time zone to use on the instance. The  /usr/share/zoneinfo  directory contains a hierarchy of time zone data files. Browse the directory structure at that location to find a file for your time zone.      [ec2-user ~]$ ls /usr/share/zoneinfo  Africa      Chile    GB         Indian       Mideast   posixrules  US America     CST6CDT  GB-Eire    Iran         MST       PRC         UTC Antarctica  Cuba     GMT        iso3166.tab  MST7MDT   PST8PDT     WET Arctic      EET      GMT0       Israel       Navajo    right       W-SU ...   Some of the entries at this location are directo




















3 comments









Read more






























Amazon EC2 Server Setup & Installing JDK 8 and Tomcat 8, Running on Port 80 & 443 and Redirect Request from port 80 to 8080 and 443 to 8443




























   Amazon EC2 Server Setup & Installing JDK 8 and Tomcat 8, Running on Port 80 & 443 and Redirect Request from port 80 to 8080 and 443 to 8443.   Step 1 : Log in to your  aws account  by following this link       then click on my account and choose option aws management console.     Note: I am assuming you created your account with aws and you are ready with you account if you haven’t done then you can check out on google you will get many and it's a straight forward steps if you have still problem while creating an account you can comment in comment box i will also provide tutorial for that.   Once you logged in aws management console you are able to see window like this one      Note : Before we go ahead we have to select proper reason from right and side. I choose ohio region for this example.   Step 2 : Now you have to choose EC2 Server from Services tab on left side   top corner then choose EC2 Services from “Compute option ”     You will get window like this one and r




















11 comments









Read more