Copying Data Between AWS S3 Buckets in Member Accounts and Organizational Units in AWS
Copying data between S3 buckets in different AWS accounts, particularly between member accounts and organizational units (OUs), means transferring objects across account boundaries. This requires cross-account permissions, granted through bucket policies and IAM roles, with both accounts properly configured for secure access.
Step 1: Set Up Permissions
You need to grant the necessary permissions on both the source and destination S3 buckets.
1.1 – Source Bucket Policy (In Member Account)
Modify the bucket policy in the source account to allow access from the destination account:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<DESTINATION_ACCOUNT_ID>:root"
      },
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::SOURCE_BUCKET_NAME",
        "arn:aws:s3:::SOURCE_BUCKET_NAME/*"
      ]
    }
  ]
}
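Replace <DESTINATION_ACCOUNT_ID> with the destination AWS account ID. The :root principal delegates access to the destination account as a whole; identities in that account still need an IAM policy that allows these actions on the source bucket.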
1.2 – Destination Bucket Policy (In OU Account)
Ensure the destination bucket allows writes from the source account:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<SOURCE_ACCOUNT_ID>:root"
      },
      "Action": [
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::DESTINATION_BUCKET_NAME/*"
    }
  ]
}
Replace <SOURCE_ACCOUNT_ID> with the source AWS account ID.
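As an added example (not part of the original article), this Python script audits a bucket policy like the ones in steps 1.1 and 1.2 for grants that trust a whole account through `:root`, and compares the result with a tightened variant. The account ID `111122223333`, the role name `s3-copy-role` and the organization ID `o-exampleorgid` are constructed placeholders.

```python
import json

# Condition keys that scope a grant to one AWS Organization or OU path (compared lower-cased).
ORG_KEYS = {"aws:principalorgid", "aws:principalorgpaths"}

def _listify(value):
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy):
    """Return (statement_index, principal, issue) for broad Allow grants in a bucket policy dict."""
    findings = []
    for i, stmt in enumerate(_listify(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = [principal] if isinstance(principal, str) else _listify(principal.get("AWS", []))
        cond_keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        for arn in arns:
            if arn == "*" and not cond_keys & ORG_KEYS:
                findings.append((i, arn, "open to any AWS principal"))
            elif arn.endswith(":root") or arn.isdigit():
                # A bare 12-digit account ID is equivalent to the :root ARN.
                findings.append((i, arn, "delegates to every identity in the account"))
    return findings

# The source bucket policy from step 1.1, with a constructed account ID.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::SOURCE_BUCKET_NAME", "arn:aws:s3:::SOURCE_BUCKET_NAME/*"],
    }],
}

# Tightened variant: one named role (hypothetical name) plus an organization check
# (o-exampleorgid is a placeholder organization ID).
TIGHT_POLICY = json.loads(json.dumps(PAGE_POLICY))  # deep copy
TIGHT_POLICY["Statement"][0]["Principal"] = {"AWS": "arn:aws:iam::111122223333:role/s3-copy-role"}
TIGHT_POLICY["Statement"][0]["Condition"] = {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}

if __name__ == "__main__":
    for name, pol in (("page policy", PAGE_POLICY), ("tightened policy", TIGHT_POLICY)):
        print(name, audit_bucket_policy(pol) or "no broad grants found")
```
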
Step 2: Use AWS CLI to Copy Data
Once permissions are set, use the AWS CLI to copy the data.
2.1 – Sync Using AWS CLI
Run the following command from an AWS CLI session in the destination account to copy a single file from source to destination:
aws s3 cp s3://SOURCE_BUCKET_NAME/FILE_NAME s3://DESTINATION_BUCKET_NAME/FILE_NAME
Run the following command from an AWS CLI session in the destination account to copy a complete folder from source to destination:
aws s3 cp s3://SOURCE_BUCKET_NAME/FOLDER_NAME s3://DESTINATION_BUCKET_NAME/FOLDER_NAME --recursive
Run the following command from an AWS CLI session in the destination account to copy all files and folders from source to destination:
aws s3 cp s3://SOURCE_BUCKET_NAME s3://DESTINATION_BUCKET_NAME --recursive