S3在不同帐户的存储桶之间移动文件? [英] S3 moving files between buckets on different accounts?

问题描述

我正在为具有2个单独的AWS账户的客户端做一些工作.我们需要将其S3帐户中一个存储桶中的所有文件移动到第二个帐户中的新存储桶.

I'm doing some work for a client that has 2 separate AWS accounts. We need to move all the files in a bucket on one of their S3 accounts to a new bucket on the 2nd account.

我们认为s3cmd将允许使用以下格式:

We thought that s3cmd would allow this, using the format:

s3cmd cp s3://bucket1 s3://bucket2 --recursive

但是，这仅允许我使用一个帐户的密钥，而不能指定第二个帐户的帐户.

However this only allows me to use the keys of one account and I can't specify the accounts of the 2nd account.

有没有一种方法，而无需下载文件并将它们再次上传到第二个帐户?

Is there a way to do this without downloading the files and uploading them again to the 2nd account?

推荐答案

您不必向所有人开放权限.使用以下有关源和目标的存储桶策略，使用IAM用户将一个存储桶中的存储桶复制到另一个帐户中

You don't have to open permissions to everyone. Use the below Bucket policies on source and destination for copying from a bucket in one account to another using an IAM user

• 要复制的存储桶:SourceBucket

要复制到的存储桶:DestinationBucket

源AWS账户ID:XXXX–XXXX-XXXX

源IAM用户:src–iam-user

以下策略意味着– IAM用户-XXXX–XXXX-XXXX:src–iam-user在DestinationBucket/*

The below policy means – the IAM user - XXXX–XXXX-XXXX:src–iam-user has s3:ListBucket and s3:GetObject privileges on SourceBucket/* and s3:ListBucket and s3:PutObject privileges on DestinationBucket/*

在SourceBucket上，策略应类似于:

On the SourceBucket the policy should be like:

{
  "Id": "Policy1357935677554",
  "Statement": [{
    "Sid": "Stmt1357935647218",
    "Action": ["s3:ListBucket"],
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::SourceBucket",
    "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
  }, {
    "Sid": "Stmt1357935676138",
    "Action": ["s3:GetObject"],
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::SourceBucket/*",
    "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
  }]
}

在DestinationBucket上，策略应为:

On the DestinationBucket the policy should be:

{
  "Id": "Policy1357935677555",
  "Statement": [{
    "Sid": "Stmt1357935647218",
    "Action": ["s3:ListBucket"],
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::DestinationBucket",
    "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
  }, {
    "Sid": "Stmt1357935676138",
    "Action": ["s3:PutObject"],
    "Effect": "Allow",
    "Resource": "arn:aws:s3:::DestinationBucket/*",
    "Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
  }]
}

要运行的命令是s3cmd cp s3://SourceBucket/File1 s3://DestinationBucket/File1

这篇关于S3在不同帐户的存储桶之间移动文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！