Solution for Transferring huge data from one S3 to another S3 in a different AWS account, securely and without VPC Peering.

0

Hi Team, I'm looking for a solution to transfer huge data from one S3 to other S3 bucket, in different AWS account i.e. cross accounts, having NO VPC Peering connection allowed. Solution should be cost highly secured and cost effective. They are two different enterprise units and no connections like VPC-Peering allowed between their networks. I thought of DataSync but not sure how secure we can make it. Pls suggest the best way to design it. Thanks

3 Answers
1
Accepted Answer

Please take a look at Amazon S3 Batch Replication.

profile pictureAWS
EXPERT
kentrad
answered a year ago
profile picture
EXPERT
reviewed 3 months ago
0
  • I proposed first option and included encryption keys with the valid policies on Source and Destination buckets and IAM roles tagged to Lambda moving the data cross-accounts. However the security is still a concern as I suggested to use AWS Key Management Service (KMS) to manage the encryption keys.

0

Not answering the question but a clarification:

VPC peering is not relevant in this situation. S3 doesn't "live" within a VPC so to access S3 buckets in different accounts you don't need to access a VPC in a different account.

If you wish to use S3 in a VPC without an Internet Gateway then you should most likely use a Gateway Endpoint - that endpoint will allow you to access S3 buckets in different accounts in the region where your VPC is. You can restrict access using an endpoint policy.

profile pictureAWS
EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions