将文件从一个帐户中的 AWS S3 存储桶复制到 terraform/python 中另一个帐户中的存储桶
[英]copy files from AWS S3 bucket in one account to bucket in another account in terraform/python
问题描述
Say if I have some data stored in account A, i want to be able to use some of them in account B (mainly for SageMaker usage), I guess I can copy files from bucket in account A to a bucket in account B, i did find some solutions by using aws cli, but is there a terraform / python solution to achieve this?
假设我在账户 A 中存储了一些数据,我希望能够在账户 B 中使用其中一些数据(主要用于 SageMaker),我想我可以将文件从账户 A 中的存储桶复制到账户 B 中的存储桶,我确实通过使用 aws cli 找到了一些解决方案,但是是否有 terraform / python 解决方案来实现这个?
Is there an easy way to make one s3 bucket in account A to be accessible from account B?有没有一种简单的方法可以使帐户 A 中的一个 s3 存储桶可以从帐户 B 访问? & what's the implementation look like in terraform/python (eg: boto3)? &在 terraform/python 中的实现是什么样的(例如:boto3)?
1 个解决方案
解决方案1
0 2023-01-04 15:52:30
In terraform you can do something like this:在 terraform 你可以这样做:
terraform apply \
-var="prod_access_key=AAAAAAAAAAAAAAAAAAA" \
-var="prod_secret_key=SuperSecretKeyForAccountA" \
-var="test_account_id=123456789012" \
-var="test_access_key=BBBBBBBBBBBBBBBBBBB" \
-var="test_secret_key=SuperSecretKeyForAccountB" \
-var="bucket_name=tf-bucket-in-prod" \
Im not sure where you plan to run python from, but to answer your question you need to permit the IAM Role in Account A to assume an IAM Role in account B. As S3 also allows resource based policies you can create a bucket which includes a resource policy permitting another account:我不确定您计划从哪里运行 python,但要回答您的问题,您需要允许账户 A 中的 IAM 角色承担账户 B 中的 IAM 角色。由于 S3 还允许基于资源的策略,您可以创建一个存储桶,其中包含一个允许另一个帐户的资源策略:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example2.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example2.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.