1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
They need GetObject, ListBucket on the source bucket. Also they need PutObject on the destination bucket.
Permissions do not matter WHERE the command is executed. It matters what they are executed against.
You can do this with a bucket policy, or in a role. A bucket policy would have to identify the Principals and is IMO a little more cumbersome.
Here is an example using a role: Put it in a policy attached to a role, and attach the role to an EC2 instance or to an EC2 user.
Here's the policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SourceBucket",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket-a",
"arn:aws:s3:::bucket-a/*"
]
},
{
"Sid": "DestBucket",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket-b",
"arn:aws:s3:::bucket-b/*"
]
}
]
}
répondu il y a 7 ans
Contenus pertinents
- demandé il y a 6 mois
- demandé il y a un an
- demandé il y a 4 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 4 mois