Reputation: 365
Put Object to S3 Bucket of another account
We are able to put objects into our S3 Bucket.
But now we have a requirement that we need to put these Object directly to an S3 Bucket which belongs to a different account and different region.
Here we have few questions:
- Is this possible?
- If possible what changes we need to do for this?
They have provided us Access Key, Secret Key, Region, and Bucket details.
Any comments and suggestions will be appreciated.
Upvotes: 2
Views: 5301
Answers (2)
Reputation: 269340
IAM credentials are associated with a single AWS Account.
When you launch your own Amazon EC2 instance with an assigned IAM Role, it will receive access credentials that are associated with your account.
To write to another account's Amazon S3 bucket, you have two options:
Option 1: Your credentials + Bucket Policy
The owner of the destination Amazon S3 bucket can add a Bucket Policy on the bucket that permits access by your IAM Role. This way, you can just use the normal credentials available on the EC2 instance.
Option 2: Their credentials
It appears that you have been given access credentials for their account. You can use these credentials to access their Amazon S3 bucket.
As detailed on Working with AWS Credentials - AWS SDK for Java, you can provide these credentials in several ways. However, if you are using BOTH the credentials provided by the IAM Role AND the credentials that have been given to you, it can be difficult to 'switch between' them. (I'm not sure if there is a way to tell the Credentials Provider to switch between a profile stored in the ~/.aws/credentials file and those provided via instance metadata.)
Thus, the easiest way is to specify the Access Key and Secret Key when creating the S3 client:
BasicAWSCredentials awsCreds = new BasicAWSCredentials("access_key_id", "secret_key_id");
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(awsCreds))
.build();
It is generally not a good idea to put credentials in your code. You should load them from a configuration file.
Upvotes: 3
Related Questions
- How to PUT S3 objects from another AWS account into your own account S3 bucket using assume role?
- Copying S3 files from one account to another
- AWS S3 - Copy files owned by one account in a bucket owner by another account
- How to transfer an Amazon S3 bucket to another account?
- Copy files from s3 bucket to another AWS account
- Access s3 bucket from different aws account
- How to migrate S3 bucket to another account
- AWS S3 upload to a bucket in a different account and give ownership to that account?
- How to migrate s3 to another account
- is is possible to move/copy an s3 bucket to a different account?