Solution for Transferring huge data from one S3 to another S3 in a different AWS account, securely and without VPC Peering.
Hi Team, I'm looking for a solution to transfer huge data from one S3 to other S3 bucket, in different AWS account i.e. cross accounts, having NO VPC Peering connection allowed. Solution should be cost highly secured and cost effective. They are two different enterprise units and no connections like VPC-Peering allowed between their networks. I thought of DataSync but not sure how secure we can make it. Pls suggest the best way to design it. Thanks
Please refer following article.
Here are additional options.
https://www.ais.com/methods-to-transfer-data-between-amazon-aws-s3-buckets/
Hope this helps.
I proposed first option and included encryption keys with the valid policies on Source and Destination buckets and IAM roles tagged to Lambda moving the data cross-accounts. However the security is still a concern as I suggested to use AWS Key Management Service (KMS) to manage the encryption keys.
Not answering the question but a clarification:
VPC peering is not relevant in this situation. S3 doesn't "live" within a VPC so to access S3 buckets in different accounts you don't need to access a VPC in a different account.
If you wish to use S3 in a VPC without an Internet Gateway then you should most likely use a Gateway Endpoint - that endpoint will allow you to access S3 buckets in different accounts in the region where your VPC is. You can restrict access using an endpoint policy.
Relevant content
AWS OFFICIALUpdated 2 months ago- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 10 months ago
Thanks. I found this one - https://aws.amazon.com/blogs/storage/cross-account-bulk-transfer-of-files-using-amazon-s3-batch-operations/ And to add encrypted objects to this solution, I found another one i.e. https://repost.aws/knowledge-center/cross-account-access-denied-error-s3 Hope I'm running in right direction.