Hi Siva,
I would like to understand the permissions a little better. But from what I could understand, it seems like a permission issue while getting the object. With which user are you running the GET operation using the SDK? Is it the user in the source account or the destination account?
I would suggest reading through this knowledge article. It provides some guidance on how to handle cross-account data copy in S3.
Hope this helps.
Hi Siva,
Apologies for the delayed response. When looking at the policy closely, I see that the last line in the source account user policy is missing an asterisk (*). That could be an issue.
I am willing to work with you on this issue if you'd like to give me access to your accounts.
Hi Mukul, thanks for the response. The asterisk (*) was there in the policy. Somehow it was not showing properly in the comment.
Hi Siva,
That's weird. I can help if you are OK to provide me access to the accounts. Let me know your thoughts.
The user is in a destination account.
Hi Siva,
Looks like the permissions are not set appropriately in the destination account. It would be useful to share the bucket policy in the destination account.
The article I shared earlier provides a good overview of what is needed.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<SourceAccount-ID>:user/<SourceUser>"
      },
      "Action": [
        "s3:ReplicateObject",
        "s3:PutObject",
        "s3:GetObjectAcl",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:PutObjectRetention",
        "s3:RestoreObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::easedev-fileserver/*"
    }
  ]
}
```
Hi Mukul,
I've followed the steps mentioned in https://repost.aws/en/knowledge-center/copy-s3-objects-account post.
I'm getting an access denied error while trying to upload a file.
Here is the bucket policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::692352210126:user/s3user"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::easedev-fileserver/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::692352210126:user/s3user"
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::easedev-fileserver"
    }
  ]
}
```
Source account user policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::nww-fileserver-bucket",
        "arn:aws:s3:::nww-fileserver-bucket/"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::easedev-fileserver",
        "arn:aws:s3:::easedev-fileserver/"
      ]
    }
  ]
}
```
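Added example, not part of the thread and not AWS code: a small offline check for the problem discussed above, where object-level actions such as `s3:GetObject` are allowed only on resources that cannot match any object (an ARN ending in `/` rather than `/*`). The function names and the action classification are assumptions made for this illustration, and the sample input is the user policy as it appears in the post.

```python
import json
from fnmatch import fnmatchcase

# Assumption: a small classification covering only the S3 actions seen in this thread.
OBJECT_ACTIONS = {"s3:GetObject", "s3:GetObjectAcl", "s3:PutObject",
                  "s3:PutObjectAcl", "s3:DeleteObject"}
BUCKET_ACTIONS = {"s3:ListBucket"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def can_match_object(arn):
    """True if the pattern can match arn:aws:s3:::bucket/key with a non-empty key."""
    bucket, slash, key = arn.split(":::", 1)[-1].partition("/")
    # A "*" in the bucket part can span "/", so it may also cover object keys.
    return "*" in bucket or (slash == "/" and key != "")

def can_match_bucket(arn):
    """True if the pattern can match a bare bucket ARN (no "/" after the name)."""
    return "/" not in arn.split(":::", 1)[-1]

def lint_policy(policy):
    """Return (statement index, action) pairs no Resource in the statement can satisfy."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for pattern in as_list(stmt.get("Action", [])):
            for action in sorted(OBJECT_ACTIONS | BUCKET_ACTIONS):
                if fnmatchcase(action.lower(), pattern.lower()):
                    check = can_match_object if action in OBJECT_ACTIONS else can_match_bucket
                    if not any(check(r) for r in resources):
                        findings.append((index, action))
    return findings

# The source account user policy as it appears in the post (object ARNs end in "/").
POSTED_JSON = """{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
  "Resource": ["arn:aws:s3:::nww-fileserver-bucket", "arn:aws:s3:::nww-fileserver-bucket/"]},
 {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl"],
  "Resource": ["arn:aws:s3:::easedev-fileserver", "arn:aws:s3:::easedev-fileserver/"]}]}"""
POSTED = json.loads(POSTED_JSON)
# Same policy with "/*" on the object ARNs, which is how the poster says it really reads.
CORRECTED = json.loads(POSTED_JSON.replace('/"', '/*"'))

if __name__ == "__main__":
    for index, action in lint_policy(POSTED):
        print(f"statement {index}: no Resource in the statement can match {action}")
    print("corrected policy findings:", lint_policy(CORRECTED))
```

Running the same check over the policy text exported from the IAM console, rather than text copied from a comment, shows whether the asterisk is really present in the attached policy.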