How to Sync S3 Bucket to Different AWS Account

2021/2/112 min read

This blog shows how to move S3 Bucket content from one AWS account to another AWS account.

Scenario: this blog moves the contents of S3 bucket technoapple.images in AWS account xxx (Account A) into S3 bucket ta.images in AWS account yyy (Account B). It does this by granting cross-account access to the S3 buckets.

Source Bucket Setup

First, go to Account A's bucket, which in this blog's example is technoapple.images. Next, add the following bucket policy to Account A's bucket, replacing a few values so that Account B can access it.

Replace {ACCOUNT-B-ID} with Account B's ID, and {ACCOUNT-B-USER} with the Account B user that will later perform the S3 file sync. Replace {ACCOUNT-A-Bucket-NAME} with technoapple.images.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{ACCOUNT-B-ID}:user/{ACCOUNT-B-USER}"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::{ACCOUNT-A-Bucket-NAME}/*",
                "arn:aws:s3:::{ACCOUNT-A-Bucket-NAME}"
            ]
        }
    ]
}
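Before attaching this bucket policy, you can check offline that it grants read access only to the intended Account B user and only on this bucket. The following Python script is an added example, not code from the original post; the account ID 111122223333, the user name sync-user and the function names are assumptions made for illustration.

```python
READ_ACTIONS = {"s3:listbucket", "s3:getobject"}  # the two actions the page grants

def render_source_policy(account_b_id, account_b_user, bucket):
    """Fill in the page's source-bucket policy template."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_b_id}:user/{account_b_user}"},
            "Action": ["s3:ListBucket", "s3:GetObject"],
            "Resource": [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"],
        }],
    }

def as_list(value):
    """IAM accepts a single string or a list for Action, Resource and Principal."""
    return value if isinstance(value, list) else [value]

def audit_source_policy(policy, expected_principal, bucket):
    """Return findings; an empty list means only the expected user gets read access."""
    bucket_arn, objects_arn = f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"
    findings, granted = [], set()
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        findings += [f"statement {i}: unexpected principal {a}"
                     for a in arns if a != expected_principal]
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]  # action names are case-insensitive
        findings += [f"statement {i}: action {a} exceeds read-only sync"
                     for a in actions if a not in READ_ACTIONS]
        resources = as_list(stmt.get("Resource", []))
        findings += [f"statement {i}: resource {r} is outside the bucket"
                     for r in resources if r not in (bucket_arn, objects_arn)]
        granted.update((a, r) for a in actions for r in resources)
    # s3:ListBucket is a bucket-level action, s3:GetObject an object-level one
    if ("s3:listbucket", bucket_arn) not in granted:
        findings.append("s3:ListBucket is not explicitly granted on the bucket ARN")
    if ("s3:getobject", objects_arn) not in granted:
        findings.append("s3:GetObject is not explicitly granted on the object ARN")
    return findings

# Constructed sample values: 111122223333 and sync-user are placeholders.
EXPECTED = "arn:aws:iam::111122223333:user/sync-user"
GOOD = render_source_policy("111122223333", "sync-user", "technoapple.images")
BAD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
       "Action": "s3:*", "Resource": "arn:aws:s3:::technoapple.images/*"}]}
```

Calling audit_source_policy(GOOD, EXPECTED, "technoapple.images") returns an empty list, while the constructed BAD policy is flagged for its wildcard principal and wildcard action.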

Destination Bucket Setup

Setup Custom Policy

For the destination bucket setup, we need to set up a user that has permission to perform the bucket sync. The following policy gives that user access to both buckets.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::technoapple.images",
                "arn:aws:s3:::technoapple.images/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::ta.images",
                "arn:aws:s3:::ta.images/*"
            ]
        }
    ]
}

Create a User and Attach the Policy

AWS Configure

Here, you'll run aws configure and use the user who has the custom policy.

Execute the Command

At this point, both buckets should be ready and we can run the command to copy files from account A's bucket to account B's bucket.

aws s3 sync s3://{source bucket name} s3://{target bucket name} --source-region {source region} --region {target region}
# The following is an example
aws s3 sync s3://technoapple.images s3://ta.images --source-region us-west-2 --region us-west-1

Conclusion

This blog shows how to move a bucket's files from one account to another. This is useful if you want to retire an account and move its files to another account, or move S3 content between development environments.