Hello Omar,
When you share an S3 bucket from one account to another using bucket policies and aws:PrincipalOrgPaths, the bucket will not appear in the child account's S3 console as if it were owned by the child account. The bucket will continue to appear in the S3 console of the account where it is created. The ListBucket permission in the bucket policy allows the child account to access the contents of the bucket but does not make it visible in the S3 console of the child account.
So not being able to see the shared S3 buckets in the child accounts' list of buckets is expected.
If you want to have a centralized view of all shareable buckets from the management account, you would need to create a centralized management system or use AWS services like AWS Organizations to create multiple accounts and AWS Resource Access Manager (RAM) to manage shared resources across them.
For your other question, if the buckets you are trying to share can have the same permissions, you can create a single bucket policy that allows the necessary permissions for the buckets you want to share.
Then, use variables like "aws:Requester" or "aws:PrincipalOrgPaths" in your bucket policy to specify which accounts or organizational paths have access to the bucket.
Hope this helps! :D
Sources: https://docs.aws.amazon.com/it_it/controltower/latest/userguide/what-is-control-tower.html
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started.html
AWS OFFICIAL, updated 2 years ago
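The bucket policy the answer describes, as an added example that is not part of the original thread or of any AWS sample: it grants s3:ListBucket and s3:GetObject to every account under one organizational unit by conditioning on aws:PrincipalOrgPaths, and it includes a small emulation of the StringLike matching so you can see which callers the condition admits (an account in the OU, one in a nested OU, one in a sibling OU, and an anonymous caller). The organization, root, OU and bucket identifiers are constructed placeholders, and the evaluator covers only this policy's condition, not IAM as a whole.

```python
import json
import re

# Constructed placeholder identifiers; replace with your own org, root, OU and bucket.
ORG_ID = "o-a1b2c3d4e5"
ROOT_ID = "r-ab12"
WORKLOADS_OU = "ou-ab12-11111111"
BUCKET = "example-shared-bucket"


def build_bucket_policy(bucket, org_id, root_id, ou_id):
    """Bucket policy that lets every account in ou_id (and any OU nested under it)
    list the bucket and read its objects.

    "Principal": "*" is acceptable here only because of the condition:
    aws:PrincipalOrgPaths is present for authenticated callers that belong to an
    organization and absent for anonymous requests, and a StringLike condition
    on an absent key evaluates to false. The key is multivalued, so the
    ForAnyValue set operator is used, as the AWS documentation recommends.
    """
    org_path_pattern = f"{org_id}/{root_id}/{ou_id}/*"
    condition = {"ForAnyValue:StringLike": {"aws:PrincipalOrgPaths": [org_path_pattern]}}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListBucketFromWorkloadsOU",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": condition,
            },
            {
                "Sid": "GetObjectFromWorkloadsOU",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": condition,
            },
        ],
    }


def string_like(pattern, value):
    """IAM StringLike semantics: case-sensitive, '*' matches any run of characters
    (including none) and '?' matches exactly one character."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value) is not None


def effective_actions(policy, principal_org_paths):
    """Actions this policy allows for a caller whose aws:PrincipalOrgPaths values
    are principal_org_paths (an empty list models an anonymous caller or a
    principal outside any organization).

    Emulates only the org-path condition of this specific policy; it is not a
    general IAM evaluator (no Deny handling, SCPs or identity policies).
    """
    allowed = set()
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        patterns = stmt["Condition"]["ForAnyValue:StringLike"]["aws:PrincipalOrgPaths"]
        if any(string_like(p, v) for p in patterns for v in principal_org_paths):
            allowed.add(stmt["Action"])
    return allowed


if __name__ == "__main__":
    policy = build_bucket_policy(BUCKET, ORG_ID, ROOT_ID, WORKLOADS_OU)
    print(json.dumps(policy, indent=2))
    # Constructed org paths for four kinds of caller.
    for label, paths in [
        ("account in OU", [f"{ORG_ID}/{ROOT_ID}/{WORKLOADS_OU}/"]),
        ("account in nested OU", [f"{ORG_ID}/{ROOT_ID}/{WORKLOADS_OU}/ou-ab12-22222222/"]),
        ("account in sibling OU", [f"{ORG_ID}/{ROOT_ID}/ou-ab12-33333333/"]),
        ("anonymous caller", []),
    ]:
        print(f"{label}: {sorted(effective_actions(policy, paths))}")
```

To confirm the behaviour the answer describes, run the AWS CLI from a member account in the OU: aws s3 ls s3://example-shared-bucket succeeds because the bucket policy grants s3:ListBucket, while a plain aws s3 ls still shows only that account's own buckets, because s3:ListAllMyBuckets (the call the console uses to build its bucket list) returns only buckets owned by the calling account. A statement of this shape is also not treated as public by S3 Block Public Access, since the aws:PrincipalOrgPaths condition limits it to organization members.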
Thank you for your answer. Could you give me any doc for having a centralized view of all shareable buckets using AWS RAM? I can only see S3 outposts in the list of shareable resources using RAM.
Also, can I share an existing SageMaker notebook instance within the management account with the members of the organization? In the list, I can only see SageMaker pipelines and some other features not including notebook instances.