S3在不同帐户的存储桶之间移动文件? [英] S3 moving files between buckets on different accounts?
问题描述
我正在为具有2个单独的AWS账户的客户端做一些工作.我们需要将其S3帐户中一个存储桶中的所有文件移动到第二个帐户中的新存储桶.
I'm doing some work for a client that has 2 separate AWS accounts. We need to move all the files in a bucket on one of their S3 accounts to a new bucket on the 2nd account.
我们认为s3cmd将允许使用以下格式:
We thought that s3cmd would allow this, using the format:
s3cmd cp s3://bucket1 s3://bucket2 --recursive
但是,这仅允许我使用一个帐户的密钥,而不能指定第二个帐户的帐户.
However this only allows me to use the keys of one account and I can't specify the accounts of the 2nd account.
有没有一种方法,而无需下载文件并将它们再次上传到第二个帐户?
Is there a way to do this without downloading the files and uploading them again to the 2nd account?
推荐答案
您不必向所有人开放权限.使用以下有关源和目标的存储桶策略,使用IAM用户将一个存储桶中的存储桶复制到另一个帐户中
You don't have to open permissions to everyone. Use the below Bucket policies on source and destination for copying from a bucket in one account to another using an IAM user
-
要复制的存储桶:
SourceBucket
要复制到的存储桶:DestinationBucket
源AWS账户ID:XXXX–XXXX-XXXX
源IAM用户:src–iam-user
以下策略意味着– IAM用户-XXXX–XXXX-XXXX:src–iam-user
在DestinationBucket/*
The below policy means – the IAM user - XXXX–XXXX-XXXX:src–iam-user
has s3:ListBucket
and s3:GetObject
privileges on SourceBucket/*
and s3:ListBucket
and s3:PutObject
privileges on DestinationBucket/*
在SourceBucket上,策略应类似于:
On the SourceBucket the policy should be like:
{
"Id": "Policy1357935677554",
"Statement": [{
"Sid": "Stmt1357935647218",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::SourceBucket",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}, {
"Sid": "Stmt1357935676138",
"Action": ["s3:GetObject"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::SourceBucket/*",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}]
}
在DestinationBucket上,策略应为:
On the DestinationBucket the policy should be:
{
"Id": "Policy1357935677555",
"Statement": [{
"Sid": "Stmt1357935647218",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::DestinationBucket",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}, {
"Sid": "Stmt1357935676138",
"Action": ["s3:PutObject"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::DestinationBucket/*",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}]
}
要运行的命令是s3cmd cp s3://SourceBucket/File1 s3://DestinationBucket/File1
这篇关于S3在不同帐户的存储桶之间移动文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!