Solution for Transferring huge data from one S3 to another S3 in a different AWS account, securely and without VPC Peering.

0

Hi Team, I'm looking for a solution to transfer huge data from one S3 bucket to another S3 bucket in a different AWS account, i.e. cross-account, with NO VPC Peering connection allowed. The solution should be highly secure and cost effective. They are two different enterprise units and no connections like VPC Peering are allowed between their networks. I thought of DataSync but am not sure how secure we can make it. Please suggest the best way to design it. Thanks

3 Answers
1
Accepted Answer

Please take a look at Amazon S3 Batch Replication.

AWS
Expert
kentrad
Answered 1 year ago
0
  • I proposed the first option and included encryption keys with valid policies on the source and destination buckets, and IAM roles tagged to the Lambda moving the data cross-account. However, security is still a concern, as I suggested using AWS Key Management Service (KMS) to manage the encryption keys.

0

Not answering the question but a clarification:

VPC peering is not relevant in this situation. S3 doesn't "live" within a VPC so to access S3 buckets in different accounts you don't need to access a VPC in a different account.

If you wish to use S3 in a VPC without an Internet Gateway then you should most likely use a Gateway Endpoint - that endpoint will allow you to access S3 buckets in different accounts in the region where your VPC is. You can restrict access using an endpoint policy.

AWS
Expert
Answered 1 year ago
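
The endpoint policy restriction mentioned in the answer above, as an added example (not part of the original answer and not AWS-provided code): it builds a gateway endpoint policy scoped to the two transfer buckets and checks a policy for statements that still reach any bucket in any account. The bucket names, account IDs, the chosen action list and both function names are assumptions made for illustration.

```python
import json

# Constructed placeholders: bucket names and account IDs are assumptions.
SRC_BUCKET, DST_BUCKET = "example-source-bucket", "example-destination-bucket"
SRC_ACCOUNT, DST_ACCOUNT = "111111111111", "222222222222"

# What a gateway endpoint uses when no policy is supplied: full access.
DEFAULT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]}

def restricted_policy(buckets, accounts):
    """Endpoint policy allowing object transfer only on the named buckets,
    and only while those buckets are owned by the expected accounts."""
    resources = [arn for b in buckets
                 for arn in (f"arn:aws:s3:::{b}", f"arn:aws:s3:::{b}/*")]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "TransferBucketsOnly",
            "Effect": "Allow", "Principal": "*",
            "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"],
            "Resource": resources,
            "Condition": {"StringEquals": {"aws:ResourceAccount": list(accounts)}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def overly_broad(policy):
    """Indexes of Allow statements with a wildcard bucket in Resource and no
    StringEquals condition on aws:ResourceAccount (a narrow, illustrative check)."""
    hits = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        wild = any(r == "*" or r.startswith("arn:aws:s3:::*")
                   for r in _as_list(st.get("Resource", "*")))
        scoped = any(k.lower() == "aws:resourceaccount"
                     for op, keys in st.get("Condition", {}).items()
                     if op.startswith("StringEquals") for k in keys)
        if wild and not scoped:
            hits.append(i)
    return hits

if __name__ == "__main__":
    policy = restricted_policy([SRC_BUCKET, DST_BUCKET], [SRC_ACCOUNT, DST_ACCOUNT])
    print(json.dumps(policy, indent=2))
    print("broad statements in default policy:", overly_broad(DEFAULT_POLICY))
```

The endpoint policy only limits what can pass through the endpoint; the bucket policies, IAM roles and KMS key policies in both accounts still have to grant the access.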
