我们如何使用s3 cp和不同的配置文件在不同帐户/凭据的存储桶之间复制s3文件? [英] How can we copy s3 files between buckets of different account/credentials using s3 cp and different profiles?

问题描述

我创建了两个配置文件(一个用于源存储桶，一个用于目标存储桶)，并使用以下命令进行复制:

I created two profiles (one for source and one for target bucket) and using below command to copy:

aws s3 cp --profile source_profile s3://source_bucket/file.txt --profile target_profile s3://target_profile/

但是它抛出以下错误.

fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

好像我们不能在aws命令中使用多个配置文件.

Looks like we can't use multiple profiles with aws commands.

推荐答案

最简单的方法是通过存储桶策略授予权限.

The simplest method is to grant permissions via a bucket policy.

说你有

• 具有IAM用户A的帐户A
• 带有桶B的帐户B

在存储桶B上添加存储桶策略:

Add a bucket policy on Bucket-B:

{
  "Id": "CopyBuckets",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GrantAccessToUser-A",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket-b",
        "arn:aws:s3:::bucket-b/*"
      ],
      "Principal": {
        "AWS": [
          "arn:aws:iam::<account-a-id>:user/user-a"
        ]
      }
    }
  ]
}

然后只需将文件复制为用户A.

Then just copy the files as User-A.

另请参见:不同的AWS账户上的S3存储桶之间的aws sync

See also: aws sync between S3 buckets on different AWS accounts

这篇关于我们如何使用s3 cp和不同的配置文件在不同帐户/凭据的存储桶之间复制s3文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！