- Newest
- Most votes
- Most comments
It's a permissions issue, but I think you already know that.
You've got the account with the source bucket (in Canada), and the account with the target bucket (in us-east-1).
Which account is your Python script being run by? This bit here boto3.Session(profile_name=aws_profile, region_name=region_name)
If these are the credentials of a user in the account which contains the source bucket, then the bucket policy of the target bucket in the target account needs to explicitly grant sufficient privileges to this user in the source account.
(or the other way around, if the credentials used in the script are in the account with the target bucket, then the source bucket policy needs to grant sufficient privileges)
If KMS keys are being used then it's the same story there, the key policy has to explicitly grant access to the user.
This link will really help you https://docs.aws.amazon.com/AmazonS3/latest/userguide/troubleshoot-403-errors.html
Relevant content
- asked 5 months ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
Steve, Thanks. I figured it was some permission thing, yes. What I was doing was using both profile in a source/destination fashion and then chasing IAM permissions. I might be making this too hard. The code is on my mac and the AWS CLI config has both profiles with proper, tested keys. So, I think I'm hearing that I can simplify this by picking one profile and giving that IAM user the right permissions. The destination S3 is associated with the default profile so I can just give that user on that account the permissions to read/write for the two buckets. Do I have this right? Thanks for the answer and the link.
One other point. I did a quick cp from my terminal with the default account and it wrote a file to the destination bucket, no problem. Armed with that, I'll dig into the documentation, thanks again, and get the right permissions to get the objects from the source. Fun times!