1 Answer
0
Hello.
I think you'll be able to use it if you configure the S3 bucket policy to allow the IAM role used by MWAA.
For example, if you configure the bucket policy as follows, access from MWAA in account B to S3 in account A will be permitted.
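```typescript
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';

// Runs inside a Stack (or Construct) deployed to account A; `this` is that scope.
const bucket = new s3.Bucket(this, 'S3bucketname');

// MWAA role ARN for Account B
const mwaaRoleArn = 'arn:aws:iam::ACCOUNT_B_ID:role/MWAARole';

// Grant read-only access to that one role: s3:ListBucket applies to the
// bucket ARN, s3:GetObject to the objects under it.
bucket.addToResourcePolicy(new iam.PolicyStatement({
  principals: [new iam.ArnPrincipal(mwaaRoleArn)],
  actions: [
    's3:GetObject',
    's3:ListBucket'
  ],
  resources: [
    bucket.bucketArn,
    `${bucket.bucketArn}/*`
  ],
}));
```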
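Added example, not part of the answer above: cross-account S3 access requires an allow on both sides, the bucket policy in account A and an identity policy on the MWAA role in account B. The sketch below models that with a deliberately simplified evaluator (no Deny statements, conditions, or wildcards other than a trailing `*`); the bucket name and the role's identity policy are constructed placeholders.

```typescript
// Simplified model of cross-account S3 authorization (added example).
type Statement = { principal?: string; actions: string[]; resources: string[] };

const BUCKET_ARN = 'arn:aws:s3:::example-bucket-account-a';      // constructed placeholder
const MWAA_ROLE_ARN = 'arn:aws:iam::ACCOUNT_B_ID:role/MWAARole'; // ARN used in the answer

// Account A: the bucket policy statement from the answer.
const bucketPolicy: Statement[] = [{
  principal: MWAA_ROLE_ARN,
  actions: ['s3:GetObject', 's3:ListBucket'],
  resources: [BUCKET_ARN, `${BUCKET_ARN}/*`],
}];

// Account B: identity policy attached to the MWAA role (constructed).
const rolePolicy: Statement[] = [{
  actions: ['s3:GetObject', 's3:ListBucket'],
  resources: [BUCKET_ARN, `${BUCKET_ARN}/*`],
}];

// Exact match, or prefix match when the pattern ends in '*'.
function matches(pattern: string, value: string): boolean {
  if (pattern.charAt(pattern.length - 1) === '*') {
    return value.indexOf(pattern.slice(0, -1)) === 0;
  }
  return pattern === value;
}

// True when some statement allows this principal, action and resource.
function allows(policy: Statement[], principal: string, action: string, arn: string): boolean {
  return policy.some(s =>
    (s.principal === undefined || s.principal === principal) &&
    s.actions.indexOf(action) !== -1 &&
    s.resources.some(r => matches(r, arn)));
}

// Cross-account rule: the request succeeds only when BOTH policies allow it.
function crossAccountAllowed(identityPolicy: Statement[], resourcePolicy: Statement[],
                             principal: string, action: string, arn: string): boolean {
  return allows(identityPolicy, principal, action, arn) &&
         allows(resourcePolicy, principal, action, arn);
}
```

With an empty identity policy on the role, `crossAccountAllowed` returns `false` even though the bucket policy allows the request, which is the usual cause of `AccessDenied` after only the bucket side has been configured.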
