By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Solution for Transferring huge data from one S3 to another S3 in a different AWS account, securely and without VPC Peering.

0

Hi Team, I'm looking for a solution to transfer huge data from one S3 to other S3 bucket, in different AWS account i.e. cross accounts, having NO VPC Peering connection allowed. Solution should be cost highly secured and cost effective. They are two different enterprise units and no connections like VPC-Peering allowed between their networks. I thought of DataSync but not sure how secure we can make it. Pls suggest the best way to design it. Thanks

Topics
StorageNetworking & Content DeliverySecurity, Identity, & ComplianceAWS Well-Architected Framework
Tags
Amazon Simple Storage ServiceAmazon VPCAWS Identity and Access ManagementAWS Transit GatewaySecurity
Language
English
profile picture
AWS101Architect
asked a year ago775 views
3 Answers
1
Accepted Answer

Please take a look at Amazon S3 Batch Replication.

profile pictureAWS
EXPERT
kentrad
answered a year ago
profile picture
EXPERT
Giovanni Lauria
reviewed 23 days ago
0

Please refer following article.

https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/copy-data-from-an-s3-bucket-in-one-account-and-region-to-another-account-and-region.html

Here are additional options.

https://www.ais.com/methods-to-transfer-data-between-amazon-aws-s3-buckets/

Hope this helps.

AWS
vCISOUSA
answered a year ago
  • AWS101Architect
    a year ago

    I proposed first option and included encryption keys with the valid policies on Source and Destination buckets and IAM roles tagged to Lambda moving the data cross-accounts. However the security is still a concern as I suggested to use AWS Key Management Service (KMS) to manage the encryption keys.

0

Not answering the question but a clarification:

VPC peering is not relevant in this situation. S3 doesn't "live" within a VPC so to access S3 buckets in different accounts you don't need to access a VPC in a different account.

If you wish to use S3 in a VPC without an Internet Gateway then you should most likely use a Gateway Endpoint - that endpoint will allow you to access S3 buckets in different accounts in the region where your VPC is. You can restrict access using an endpoint policy.

profile pictureAWS
EXPERT
Brettski-AWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content