In this post I'll walk you through how to set up cross-account S3 bucket access using a bucket policy.
You can watch this YouTube video or follow the steps:
Steps:
First, make sure you have the AWS CLI ready. I have a video that shows you how to set it up:
We will need two accounts. Account A will give Account B access to one of Account A's buckets.
On Account A, create a new bucket:
Add some items into the bucket.
Enter the following policy text in the bucket policy of Account A's bucket.
Change the account ID and bucket name to match your account ID and S3 bucket name.
** If you remove the second line from the Resource section, you can only list the bucket and cannot copy the files inside it. With the second line you get access to every object inside the bucket.
Use the AWS CLI with Account B's access credentials and enter this command:
$ aws s3 ls bucketname
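You should be able to list the bucket and copy content from the other account.
Now try adding this to the bucket policy to get finer control. The second statement is an explicit Deny on s3:GetObject, and an explicit Deny overrides the Allow in the first statement: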
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Example permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::771452637355:root"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-buicketsdsdsd",
                "arn:aws:s3:::my-buicketsdsdsd/*"
            ]
        },
        {
            "Sid": "Deny permission",
            "Effect": "Deny",
            "Principal": {
                "AWS": "arn:aws:iam::771452637355:root"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-buicketsdsdsd/*"
        }
    ]
}
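To see what Account B ends up with, here is an added example (not code from the original post) that evaluates the policy above offline with a simplified model: the principal is matched by exact string, wildcards by glob, and an explicit Deny beats any Allow. It also covers the "**" note by evaluating the Allow statement with only the bucket ARN as Resource; the object key report.txt is constructed, and IAM policies inside Account B are not modelled.

```python
from fnmatch import fnmatchcase

ACCOUNT_B = "arn:aws:iam::771452637355:root"   # principal from the post
BUCKET = "arn:aws:s3:::my-buicketsdsdsd"       # bucket ARN from the post

# The post's two-statement bucket policy, written as a Python dict.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Example permissions", "Effect": "Allow",
     "Principal": {"AWS": ACCOUNT_B}, "Action": "s3:*",
     "Resource": [BUCKET, BUCKET + "/*"]},
    {"Sid": "Deny permission", "Effect": "Deny",
     "Principal": {"AWS": ACCOUNT_B}, "Action": "s3:GetObject",
     "Resource": BUCKET + "/*"},
]}

# Variant for the "**" note: the Allow without its second Resource line.
BUCKET_ONLY = {"Version": "2012-10-17", "Statement": [
    dict(POLICY["Statement"][0], Resource=[BUCKET])]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def matches(stmt, principal, action, resource):
    """True if the statement covers this principal, action and resource ARN."""
    return (principal in as_list(stmt["Principal"]["AWS"])
            # Action names match case-insensitively.
            and any(fnmatchcase(action.lower(), a.lower())
                    for a in as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"])))

def evaluate(policy, principal, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny'; an explicit Deny always wins."""
    effects = {s["Effect"] for s in policy["Statement"]
               if matches(s, principal, action, resource)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    obj = BUCKET + "/report.txt"   # constructed object key
    for name, policy in (("full policy", POLICY), ("bucket ARN only", BUCKET_ONLY)):
        for action, arn in (("s3:ListBucket", BUCKET), ("s3:GetObject", obj),
                            ("s3:PutObject", obj)):
            print(f"{name:16} {action:14} -> {evaluate(policy, ACCOUNT_B, action, arn)}")
```

With the full policy Account B can still list the bucket and upload objects but cannot download them, because s3:* remains allowed for every action other than s3:GetObject.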
Hmm, is anyone else having problems with the pictures on this blog loading? I'm trying to figure out if it's a problem on my end or if it's the blog. Any responses would be greatly appreciated.
Yeah, bookmarking this wasn't a risky decision, great post!
Oh my goodness! An incredible article, dude. Thanks. However, I'm experiencing a problem with ur rss. Don't know why, unable to subscribe to it. Is there anybody getting a similar rss downside? Anyone who is aware of it, kindly respond. Thanks