Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

s3 cross account access

-1

how to configure s3 access to airflow which is in different account. please help with cdk code to use s3 is in account A and airflow in account B

Topics
Application IntegrationStorage
Tags
Amazon Managed Workflows for Apache Airflow (MWAA)Amazon S3 Access Grants
Language
English
asked 20 days ago38 views
1 Answer
0

Hello.

I think you'll be able to use it if you configure the S3 bucket policy to allow the IAM role used by MWAA.
For example, if you configure the bucket policy as follows, access from MWAA in account B to S3 in account A will be permitted.

import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';

const bucket = new s3.Bucket(this, 'S3bucketname');

// MWAA role ARN for Account B
const mwaaRoleArn = 'arn:aws:iam::ACCOUNT_B_ID:role/MWAARole';

bucket.addToResourcePolicy(new iam.PolicyStatement({
  principals: [new iam.ArnPrincipal(mwaaRoleArn)],
  actions: [
    's3:GetObject',
    's3:ListBucket'
  ],
  resources: [
    bucket.bucketArn,
    `${bucket.bucketArn}/*`
  ],
}));
EXPERT
answered 20 days ago
EXPERT
reviewed 20 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content