Copy S3 bucket objects from another AWS account

February 21, 2022 | By Gerald | Filed in: AWS.

In this guide, you will learn how to copy S3 bucket objects from another AWS account. If you are migrating an application from another AWS account and need to include the objects in its S3 bucket, this guide can help you.

Assume that AWS account 1 is your existing account, AWS account 2 is your newly created account, and you need to move the S3 objects to AWS account 2.

AWS Account 1

Create a new IAM user and create the custom policy below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TheExistingS3BucketFromAWSAccount1",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::old-S3Bucket",
                "arn:aws:s3:::old-S3Bucket/*"
            ]
        },
        {
            "Sid": "TheNewlyCreatedS3BucketFromAWSAccount2",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::new-S3Bucket",
                "arn:aws:s3:::new-S3Bucket/*"
            ]
        }
    ]
}

Attach the policy to your IAM User

Copy the ARN from your IAM User

arn:aws:iam::1234567890:user/eric

Look for the S3 bucket permission on the source bucket and make sure it looks like the one below.

AWS Account 2

Go to the S3 bucket and modify the bucket policy under the Permissions tab. Copy the bucket policy below and make sure to replace the user ARN and the bucket name.

{
	"Version": "2012-10-17",
	"Id": "Policy1611277539797",
	"Statement": [
		{
			"Sid": "Stmt1611277535086",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::1234567890:user/eric"
			},
			"Action": "s3:PutObject",
			"Resource": "arn:aws:s3:::new-S3Bucket/*",
			"Condition": {
				"StringEquals": {
					"s3:x-amz-acl": "bucket-owner-full-control"
				}
			}
		},
		{
			"Sid": "Stmt1611277877767",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::1234567890:user/eric"
			},
			"Action": "s3:ListBucket",
			"Resource": "arn:aws:s3:::new-S3Bucket"
		}
	]
}
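The s3:x-amz-acl condition in the policy above is what forces every cross-account upload to hand full control of the object to the bucket owner. The following check is an added example, not part of the original guide: it audits a bucket policy for Allow statements that are broader than the ones shown here. The "Weak" statement is constructed for contrast, and the audit function and its finding strings are names chosen for this sketch.

```python
import json

# Constructed sample: the destination bucket policy from this guide,
# plus one deliberately weak statement (Sid "Weak") for contrast.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Stmt1611277535086", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::1234567890:user/eric"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::new-S3Bucket/*",
   "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
  {"Sid": "Stmt1611277877767", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::1234567890:user/eric"},
   "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::new-S3Bucket"},
  {"Sid": "Weak", "Effect": "Allow", "Principal": "*",
   "Action": ["s3:PutObject", "s3:GetObject"],
   "Resource": "arn:aws:s3:::new-S3Bucket/*"}
]}
""")

def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (Sid, finding) pairs for Allow statements broader than the guide's."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append((sid, "wildcard principal"))
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if any(a in ("s3:putobject", "s3:*", "*") for a in actions):
            # Only an exact, single-valued condition guarantees owner control.
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if as_list(cond.get("s3:x-amz-acl", [])) != ["bucket-owner-full-control"]:
                findings.append((sid, "PutObject without bucket-owner-full-control condition"))
    return findings

if __name__ == "__main__":
    for sid, finding in audit(POLICY):
        print(f"{sid}: {finding}")
```
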

Look for the S3 bucket permission on the source bucket and make sure it is the same as the permission below.

Terminal Command Line

Open a terminal on your computer, install the latest version of the AWS CLI, and then create AWS credentials for your AWS IAM user.

After installing the AWS CLI, configure the AWS credentials on your computer by running:

aws configure

To copy the S3 bucket objects from another AWS account, use the following command, where the first bucket is the source and the second is the destination:

aws s3 cp s3://dev-ifreelance/ s3://uat-ifreelance/ --recursive --acl bucket-owner-full-control

Optional:

If you are getting an error, disable all bucket ACLs and ACLs on any objects in your bucket.

If you need more details, visit the AWS blog: https://aws.amazon.com/premiumsupport/knowledge-center/copy-s3-objects-account/
