hakuna

Reputation: 6701

Transfer S3 bucket contents from one account to other account in different regions

I am trying to transfer the S3 bucket contents using the AWS CLI from

AWS account A -> Tokyo region (ap-northeast-1) -> S3 bucket -> account1bucket

To

AWS account B -> N.Virginia region (us-east-1) -> S3 bucket -> account2bucket

I followed the steps from https://aws.amazon.com/premiumsupport/knowledge-center/account-transfer-s3/, creating the exact bucket policies and IAM policy, and executed the following command:

aws s3 sync s3://account1bucket s3://account2bucket

That's giving me the following error:

I have tried using tools like S3 Object Explorer and Bucket Explorer with the Access ID/Secret Key and am able to successfully connect to AWS account A but not to AWS account B. The only difference I can see is that MFA is enabled on AWS account B. Technically this shouldn't be a problem, as I am able to publish contents to AWS account B S3 buckets from Jenkins using the Access ID/Secret Key successfully.

Following are the policies I have defined at the source bucket level and the destination user account level:

AWS account A S3 bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "delegates3access",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::AWSAccountB:user/[email protected]"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::account1bucket/*",
                "arn:aws:s3:::account1bucket"
            ]
        }
    ]
}

AWS account B user policy :

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
            "arn:aws:s3:::account1bucket",
            "arn:aws:s3:::account1bucket/*",
            "arn:aws:s3:::account2bucket",
            "arn:aws:s3:::account2bucket/*"
        ]
    }
}

Upvotes: 0

Views: 599

Answers (2)

hakuna

Reputation: 6701

Instead of using the AWS destination account credentials, I used the AWS source account credentials, and it worked with the following command:

aws s3 sync s3://account1bucket s3://account2bucket --source-region ap-northeast-1

Upvotes: 0
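The policies in the question grant `s3:*` to the cross-account principal, and the accepted answer runs the sync with the source account's credentials, which means the copied objects are owned by account A unless each one is written with the `bucket-owner-full-control` ACL. The script below is an added example, not code from the question or either answer: it builds least-privilege policies for that source-credentials approach (read-only on account1bucket, `s3:PutObject` on account2bucket conditioned on `s3:x-amz-acl`), assembles the `aws s3 sync` command with `--source-region` and `--acl bucket-owner-full-control`, and runs a small linter over the question's posted bucket policy to show what it would flag. The account ID `111111111111`, the user name `s3-sync` and the placeholder `ACCOUNT_B_USER` are assumptions, since the post obscures the real principal.

```python
"""Least-privilege policies and a linter for a cross-account `aws s3 sync`.

Scenario from the question: account A owns account1bucket (ap-northeast-1),
account B owns account2bucket (us-east-1). As in the accepted answer, the
sync is run with account A credentials, so account A must be allowed to
write into account B's bucket in a way that leaves account B able to read
the result.
"""
import json

SRC_BUCKET = "account1bucket"
DST_BUCKET = "account2bucket"
SRC_REGION = "ap-northeast-1"
DST_REGION = "us-east-1"

# Hypothetical identity in account A that runs the sync (not from the post).
SYNC_PRINCIPAL = "arn:aws:iam::111111111111:user/s3-sync"

# The bucket policy from the question, reproduced for the linter. The user
# name in the post is obscured, so ACCOUNT_B_USER is a placeholder.
POSTED_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "delegates3access",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::AWSAccountB:user/ACCOUNT_B_USER"},
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::account1bucket/*", "arn:aws:s3:::account1bucket"],
    }],
}

OWNER_ACL = {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}


def destination_bucket_policy(principal_arn, bucket=DST_BUCKET):
    """Bucket policy on account B's bucket: the account A principal may list the
    bucket and put objects, but only objects written with the
    bucket-owner-full-control ACL, so account B can read what A copied in."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowSyncPrincipalToList", "Effect": "Allow",
             "Principal": {"AWS": principal_arn},
             "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "AllowSyncPrincipalToWriteOwnedObjects", "Effect": "Allow",
             "Principal": {"AWS": principal_arn},
             "Action": "s3:PutObject",
             "Resource": f"arn:aws:s3:::{bucket}/*",
             "Condition": OWNER_ACL},
        ],
    }


def sync_identity_policy(src_bucket=SRC_BUCKET, dst_bucket=DST_BUCKET):
    """IAM policy for the account A principal: read the source, write the
    destination. No s3:* and no DeleteObject, so a leaked key cannot wipe
    either bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListBoth", "Effect": "Allow",
             "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
             "Resource": [f"arn:aws:s3:::{src_bucket}", f"arn:aws:s3:::{dst_bucket}"]},
            {"Sid": "ReadSource", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:GetObjectVersion"],
             "Resource": f"arn:aws:s3:::{src_bucket}/*"},
            {"Sid": "WriteDestination", "Effect": "Allow",
             "Action": "s3:PutObject",
             "Resource": f"arn:aws:s3:::{dst_bucket}/*",
             "Condition": OWNER_ACL},
        ],
    }


def sync_command(src_bucket=SRC_BUCKET, dst_bucket=DST_BUCKET,
                 src_region=SRC_REGION, dst_region=DST_REGION, dry_run=True):
    """argv for the copy: --source-region because the buckets are in different
    regions, --acl so every copied object is readable by account B."""
    argv = ["aws", "s3", "sync", f"s3://{src_bucket}", f"s3://{dst_bucket}",
            "--source-region", src_region, "--region", dst_region,
            "--acl", "bucket-owner-full-control"]
    if dry_run:
        argv.append("--dryrun")
    return argv


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Flag Allow statements that are broader than the sync needs."""
    findings = []
    for idx, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        principal = st.get("Principal")
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {idx}: wildcard action {actions}")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS", []))):
            findings.append(f"statement {idx}: wildcard principal")
        acl = st.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
        if "s3:PutObject" in actions and acl != "bucket-owner-full-control":
            findings.append(f"statement {idx}: PutObject without bucket-owner-full-control condition")
    return findings


if __name__ == "__main__":
    print("posted bucket policy:", lint_policy(POSTED_BUCKET_POLICY))
    print("hardened destination policy:", lint_policy(destination_bucket_policy(SYNC_PRINCIPAL)))
    print(json.dumps(destination_bucket_policy(SYNC_PRINCIPAL), indent=2))
    print(" ".join(sync_command()))
```

Run it once with `--dryrun` (the default here) to confirm the listing works under the narrowed policies before copying anything. If account B runs the sync with its own credentials instead, as the question originally tried, the ACL condition on the destination side is unnecessary because B already owns what it writes; the read-only statements on account1bucket are still the right shape. On buckets where S3 Object Ownership is set to BucketOwnerEnforced, ACLs are disabled and the bucket owner owns every object regardless of who wrote it, which makes the `--acl` flag redundant there.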

iMil

Reputation: 816

You might want to read this excellent blog post about S3 replication across regions https://aws.amazon.com/blogs/aws/new-cross-region-replication-for-amazon-s3/

Upvotes: 1
