In your source account, create a customer-managed policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::source-EXAMPLE-BUCKET",
"arn:aws:s3:::source-EXAMPLE-BUCKET/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::destination-EXAMPLE-BUCKET",
"arn:aws:s3:::destination-EXAMPLE-BUCKET/*"
]
}
]
}
In your destination bucket, update the bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::1234567890:user/Andrew"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::destination-EXAMPLE-BUCKET/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::1234567890:user/Andrew"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::destination-EXAMPLE-BUCKET"
}
]
}
Testing the S3 copy between accounts:
# Copy a single object from the source bucket to the destination bucket.
# The --acl bucket-owner-full-control flag is required: the destination bucket
# policy above only allows s3:PutObject when its StringEquals condition on
# s3:x-amz-acl matches "bucket-owner-full-control", so a copy without it is denied.
# NOTE(review): the bucket policy grants only s3:PutObject and s3:ListBucket, while
# the IAM policy also lists s3:PutObjectAcl — confirm whether that extra action is needed.
aws s3 cp s3://source-EXAMPLE-BUCKET/object.txt s3://destination-EXAMPLE-BUCKET/object.txt --acl bucket-owner-full-control