Solution for Transferring huge data from one S3 to another S3 in a different AWS account, securely and without VPC Peering.

0

Hi Team, I'm looking for a solution to transfer huge data from one S3 to other S3 bucket, in different AWS account i.e. cross accounts, having NO VPC Peering connection allowed. Solution should be cost highly secured and cost effective. They are two different enterprise units and no connections like VPC-Peering allowed between their networks. I thought of DataSync but not sure how secure we can make it. Pls suggest the best way to design it. Thanks

3 réponses
1
Réponse acceptée

Please take a look at Amazon S3 Batch Replication.

profile pictureAWS
EXPERT
kentrad
répondu il y a un an
profile picture
EXPERT
vérifié il y a 19 minutes
0
  • I proposed first option and included encryption keys with the valid policies on Source and Destination buckets and IAM roles tagged to Lambda moving the data cross-accounts. However the security is still a concern as I suggested to use AWS Key Management Service (KMS) to manage the encryption keys.

0

Not answering the question but a clarification:

VPC peering is not relevant in this situation. S3 doesn't "live" within a VPC so to access S3 buckets in different accounts you don't need to access a VPC in a different account.

If you wish to use S3 in a VPC without an Internet Gateway then you should most likely use a Gateway Endpoint - that endpoint will allow you to access S3 buckets in different accounts in the region where your VPC is. You can restrict access using an endpoint policy.

profile pictureAWS
EXPERT
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions