![](/img/trans.png)
[英]Copy files from an S3 bucket in one AWS account to another AWS account
[英]Copy data from S3 bucket in one AWS account to S3 bucket in other AWS account
我正在嘗試將S3存儲桶對象從一個AWS復制到另一個AWS賬戶。 我在這里使用了此鏈接,該鏈接可用於一個帳戶A,但是當我將其與另一個帳戶B一起使用時會出現“訪問被拒絕”錯誤。 它是否與某些防火牆或安全性問題相關,甚至源帳戶B存儲桶也已公開。 這是應用於源存儲區B的策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegateS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12345678910:user/abc"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourceBucketB/*",
"arn:aws:s3:::sourceBucketB"
]
}
]
}
這是套用至目標帳戶的政策
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourcebucket",
"arn:aws:s3:::sourcebucket/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::destinationbucket",
"arn:aws:s3:::destinationbucket/*"
]
}
] }
我正在使用以下命令從存儲區B復制到目標帳戶(使用目標帳戶配置文件)
aws s3同步s3:// sourceBucket s3:// destinationBucket
這是錯誤
致命錯誤:調用ListObjectsV2操作時發生錯誤(AccessDenied):訪問被拒絕
本文檔包含您需要的確切策略以及必要的步驟。
根據該文檔,該策略應如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Example permissions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::AccountB-ID:root"
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::sourcebucket"
]
}
]
}
簡單方法(全部授予):
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": "*",
"Principal": "*"
}
]
}
同樣,這似乎不必要,並且可能會使事情復雜化(在第二個策略中):
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::sourcebucket",
"arn:aws:s3:::sourcebucket/*"
]
},
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.