How can we copy s3 files between buckets of different account/credentials using s3 cp and different profiles?

Question 1

I created two profiles (one for source and one for target bucket) and using below command to copy:

aws s3 cp --profile source_profile s3://source_bucket/file.txt --profile target_profile s3://target_profile/

1 2	aws s3 cp --profile source_profile s3://source_bucket/file.txt --profile target_profile s3://target_profile/

But it throws below error.

fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

1 2	fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

Looks like we can’t use multiple profiles with aws commands.

Question 2

The simplest method is to grant permissions via a bucket policy.

Say you have:

Account-A with IAM User-A
Account-B with Bucket-B

Add a bucket policy on Bucket-B:

{
  "Id": "CopyBuckets",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GrantAccessToUser-A",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket-b",
        "arn:aws:s3:::bucket-b/*"
      ],
      "Principal": {
        "AWS": [
          "arn:aws:iam::<account-a-id>:user/user-a"
        ]
      }
    }
  ]
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

{

"Id": "CopyBuckets",

"Version": "2012-10-17",

"Statement": [

{

"Sid": "GrantAccessToUser-A",

"Action": "s3:*",

"Effect": "Allow",

"Resource": [

"arn:aws:s3:::bucket-b",

"arn:aws:s3:::bucket-b/*"

],

"Principal": {

"AWS": [

"arn:aws:iam:::user/user-a"

]

}

]

}

Then just copy the files as User-A.

See also: aws sync between S3 buckets on different AWS accounts

How can we copy s3 files between buckets of different account/credentials using s3 cp and different profiles?

Question:

Answer:

Leave a Reply Cancel reply