Anurag-Sharma

Reputation: 4418

Copying S3 files from one account to another

I am trying to simply copy some files from another S3 account to mine, but I am constantly facing the following error -

An error occurred (AccessDenied) when calling the UploadPartCopy operation: Cannot access through this access point

I have added policies on the IAM user and the bucket for the required copy-paste operation-

IAM Policy (Destination User)-

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:PutObjectTagging"
            ],
            "Resource": [
                "arn:aws:s3:us-west-2:620889225884:accesspoint/bulian-ai-mdl-parquet-1-access-point/*",
                "arn:aws:s3:us-west-2:620889225884:accesspoint/bulian-ai-mdl-parquet-1-access-point",
                "arn:aws:s3:::bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias/*",
                "arn:aws:s3:::bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias",
                "arn:aws:s3:::mobilelocationfeed.parquet.usw2.onemata.com/*",
                "arn:aws:s3:::mobilelocationfeed.parquet.usw2.onemata.com"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObjectTagging",
                "s3:PutObjectTagging"
            ],
            "Resource": [
                "arn:aws:s3:::bulianai/",
                "arn:aws:s3:::bulianai/*"
            ]
        }
    ]
}

Bucket Policy (Destination) -

{
    "Version": "2012-10-17",
    "Id": "Policy1611277539797",
    "Statement": [
        {
            "Sid": "Stmt1611277535086",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::864295014592:user/bulian_demo"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::bulianai/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        },
        {
            "Sid": "Stmt1611277877767",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::864295014592:user/bulian_demo"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bulianai"
        }
    ]
}

I am able to list the source files on the CLI, therefore this account does have access to the source bucket. I am not quite sure what exactly the issue is over here.

Edit -

Source Bucket

s3://bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias/location_country=IN/output_year=2022/output_month=10/output_day=01/

Destination Bucket

s3://bulianai/OneMata/

Upvotes: 0

Views: 248

Answers (1)

Jatin Mehrotra

Reputation: 11604

  1. Strange, I have never seen such a usage of wildcards. Docs - https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html

      "s3:Get*",
      "s3:List*",
      "s3:Put*"
    
  2. Your IAM policy is missing permissions for the source or destination bucket (unclear what is source or destination)

      {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Action": [
             "s3:ListBucket",
             "s3:GetObject"
           ],
           "Resource": [
             "arn:aws:s3:::source-DOC-EXAMPLE-BUCKET",
             "arn:aws:s3:::source-DOC-EXAMPLE-BUCKET/*"
           ]
         },
         {
           "Effect": "Allow",
           "Action": [
             "s3:ListBucket",
             "s3:PutObject",
             "s3:PutObjectAcl"
           ],
           "Resource": [
             "arn:aws:s3:::destination-DOC-EXAMPLE-BUCKET",
             "arn:aws:s3:::destination-DOC-EXAMPLE-BUCKET/*"
           ]
         }
       ]
     }
    

Follow this https://aws.amazon.com/premiumsupport/knowledge-center/copy-s3-objects-account/

Upvotes: 1
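
To make the answer's second point checkable, here is a simplified identity-policy check, added as an example and not code from either poster. It tests the five action/resource pairs in the answer's example policy against the question's IAM policy (trimmed to the buckets used in the copy); it ignores Deny, Condition, bucket policies and access point policies, and `some/key` is a placeholder object key.

```python
import re

def iam_match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def allowed(policy, action, resource):
    """True if an Allow statement covers (action, resource).
    Simplification: Deny, Condition and NotAction/NotResource are ignored."""
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if (any(iam_match(a, action, True) for a in as_list(st.get("Action", [])))
                and any(iam_match(r, resource) for r in as_list(st.get("Resource", [])))):
            return True
    return False

def copy_gaps(policy, src, dst, key="some/key"):  # key is a placeholder
    """(action, ARN) pairs from the answer's example that policy does not grant."""
    needed = [
        ("s3:ListBucket", f"arn:aws:s3:::{src}"),
        ("s3:GetObject", f"arn:aws:s3:::{src}/{key}"),
        ("s3:ListBucket", f"arn:aws:s3:::{dst}"),
        ("s3:PutObject", f"arn:aws:s3:::{dst}/{key}"),
        ("s3:PutObjectAcl", f"arn:aws:s3:::{dst}/{key}"),
    ]
    return [(a, r) for a, r in needed if not allowed(policy, a, r)]

# Bucket names and Resource strings copied from the question; tagging actions
# and the access point / other-bucket ARNs are trimmed for brevity.
SRC = "bulian-ai-mdl-parque-eziseoueyefwzsncu4iwr13fgpocyusw2b-s3alias"
DST = "bulianai"
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": [f"arn:aws:s3:::{SRC}/*", f"arn:aws:s3:::{SRC}"]},
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": ["arn:aws:s3:::bulianai/", "arn:aws:s3:::bulianai/*"]},
]}

if __name__ == "__main__":
    for action, arn in copy_gaps(QUESTION_POLICY, SRC, DST):
        print("not granted:", action, "on", arn)
```

Run against the question's policy, the only pair reported is `s3:ListBucket` on `arn:aws:s3:::bulianai`, because the listed resource `arn:aws:s3:::bulianai/` (with a trailing slash) does not match the bucket ARN.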
