堆栈内存溢出
  简体   繁体   English

将数据从一个AWS账户中的S3存储桶复制到另一个AWS账户中的S3存储桶

[英]Copy data from S3 bucket in one AWS account to S3 bucket in other AWS account

 原文  2019-02-04 14:10:05       amazon-web-services/ amazon-s3

问题描述

I'm trying to copy S3 bucket objects from one AWS to another AWS account. 我正在尝试将S3存储桶对象从一个AWS复制到另一个AWS账户。 I have followed this link here it works with one account A but gives Access Denied error when i used it with another account B. What could be the possible reason for that? 我在这里使用了此链接该链接可用于一个帐户A,但是当我将其与另一个帐户B一起使用时会出现“访问被拒绝”错误。 Is it related to some firewalls or security issues, even the source account B bucket has been made public. 它是否与某些防火墙或安全性问题相关,甚至源帐户B存储桶也已公开。 This is the policy applied to source bucket B 这是应用于源存储区B的策略 

{

  "Version": "2012-10-17",

  "Statement": [

    {

      "Sid": "DelegateS3Access",

      "Effect": "Allow",

      "Principal": {

        "AWS": "arn:aws:iam::12345678910:user/abc"

      },

      "Action": [

        "s3:ListBucket",

        "s3:GetObject"

      ],

      "Resource": [

        "arn:aws:s3:::sourceBucketB/*",

        "arn:aws:s3:::sourceBucketB"

      ]

    }

  ]

}

This is policy applied to destination account 这是套用至目标帐户的政策 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::sourcebucket",
                "arn:aws:s3:::sourcebucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::destinationbucket",
                "arn:aws:s3:::destinationbucket/*"
            ]
        }
    ] }

[here are the configurations of bucket from account B] [这是帐户B中存储桶的配置] 在此处输入图片说明 [1\\ [1 \\

I'm using the following command to copy from bucket B to destination account (using destination account profile) 我正在使用以下命令从存储区B复制到目标帐户(使用目标帐户配置文件)

aws s3 sync s3://sourceBucket s3://destinationBucket aws s3同步s3:// sourceBucket s3:// destinationBucket

Here is the error 这是错误

fatal error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied 致命错误:调用ListObjectsV2操作时发生错误(AccessDenied):访问被拒绝

2 个解决方案

解决方案1
 1  2019-02-04 14:25:45

This documentation contains the exact policy you require and the necessary steps. 本文档包含您需要的确切策略以及必要的步骤。

According to that documentation, the policy should look like this: 根据该文档,该策略应如下所示: 

{
  "Version": "2012-10-17",
  "Statement": [
     {
        "Sid": "Example permissions",
        "Effect": "Allow",
        "Principal": {
           "AWS": "arn:aws:iam::AccountB-ID:root"
        },
        "Action": [
           "s3:GetBucketLocation",
           "s3:ListBucket"
        ],
        "Resource": [
           "arn:aws:s3:::sourcebucket"
        ]
     }
  ]
}

解决方案2
 -1  2019-02-04 14:15:28

The easy way (grant all): 简单方法(全部授予): 

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "*",
      "Principal": "*"
    }
  ]
}

Also this seems unnecessary and could complicate things (in your second policy): 同样,这似乎不必要,并且可能会使事情复杂化(在第二个策略中): 

{
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::sourcebucket",
                "arn:aws:s3:::sourcebucket/*"
            ]
        },

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将文件从一个AWS账户中的S3存储桶复制到另一个AWS账户 - Copy files from an S3 bucket in one AWS account to another AWS account Aws 使用 lambda python 将数据从一个 S3 存储桶复制到同一帐户上的另一个存储桶 - Aws copy data from one S3 bucket to another on same account using lambda python 将文件从s3存储桶复制到另一个AWS账户 - Copy files from s3 bucket to another AWS account 使用Lambda将S3数据从一个AWS账户推送到另一个S3存储桶 - Pushing S3 data from one AWS account to another S3 bucket using Lambda 将 S3 存储桶从一个 AWS 账户复制到另一个 AWS 账户在传输过程中是否安全? - Is copying an S3 bucket from one AWS account to another AWS account secure in transit? AWS S3 - 将一个账户拥有的文件复制到另一个账户的存储桶所有者中 - AWS S3 - Copy files owned by one account in a bucket owner by another account AWS Lambda 将数据放入跨账户 s3 存储桶 - AWS Lambda put data to cross account s3 bucket 从不同的AWS帐户访问S3存储桶 - Access s3 bucket from different aws account 使用角色从另一个帐户访问AWS S3存储桶 - Access AWS S3 bucket from another account using roles 如何从另一个 AWS 账户访问公共 S3 存储桶? - How to access a public S3 bucket from another AWS account?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM