Pushing S3 data from one AWS account to another S3 bucket using Lambda
Question
My use-case is to push data from one AWS account S3 bucket to another AWS account S3 bucket continuously. A cross account push.
I'm using lambda to do this job.
Assume in AWS account A, data is frequently landed from some source into S3 bucket. I need to create an S3 trigger which will invoke Lambda function in AWS account A and push account A S3 bucket data to another S3 bucket in AWS account B.
Is this possible?
1 answers
solution1
0 2019-06-11 05:05:49
Yes!
Firstly, if the buckets are in different regions, you could use Cross-Region Replication and Amazon S3 will do it all for you automatically.
If not, then your proposed plan looks fine. It would involve:
- An Amazon S3 Event to trigger the Lambda function whenever a new object is created
- The Lambda function receives the Bucket Name and Key of the new object
- The Lambda function should then call
CopyObject()to copy the object to the other bucket (in the other account)
The most important element is to give permissions to the Lambda function running in Account-A to write to the bucket in Account-B . This can be done by:
- Creating an IAM Role (
Role-A) inAccount-Athat is used by the Lambda function - Adding a Bucket Policy to the bucket in
Account-Bthat permitsPutObjectfromRole-A(by specifying the ARN ofRole-A)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.