Jul
17
2013
AWS // S3

Copy Contents in S3 Bucket Between AWS Accounts with S3cmd

First, download s3cmd

download from http://s3tools.org/s3cmd

and install:

$ cd s3cmd

$ sudo python setup.py install

The following command will prompt you for your S3 key and secret. The prompt for ‘Path to GPG program:’ entered nothing in this field.

$ s3cmd --configure

Then try with the command

$ s3cmd sync --skip-existing --recursive s3://source-bucket-name s3://target-bucket-name

You will get

ERROR: S3 error: 403 (AccessDenied): Access Denied

 

Then set the policy for both source and destination s3 buckets

The source bucket policy looked like:

{
"Version": "2013-09-23",
"Id": "Policy1321826983372",
"Statement": [
{
"Sid": "Stmt1321826980370",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<target account number>:user/youraccount"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::<source bucket name>/*"
}
]
}

and the target bucket policy looked like:

{
"Version": "2013-09-23",
"Id": "Policy1321826983372",
"Statement": [
{
"Sid": "Stmt1321826980370",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<source account number>:user/youraccount"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::<target bucket name>/*"
}
]
}

arn:aws:iam :: the 12 digit number (xxxx-xxxx-xxxx) located under the “Welcome <your name> | Sign Out” line on your account page (https://portal.aws.amazon.com/gp/aws/manageYourAccount). or you can check it from IAM servive

 

set the access on target buckget

Log into the S3 web console using the account of the bucket you are transferring to.

Visit the S3 web console.

https://console.aws.amazon.com/s3/home 

Click on your bucket, then Actions, then Properties.

At the bottom under the “Permissions” tab click “Add more permissions”.

Set "Grantee" to Everyone Check "List" and "Upload/Delete" Save

Finally, I try it again

$ s3cmd sync --skip-existing --recursive s3://source-bucket-name s3://target-bucket-name

 


Leave a comment

You must be logged in to post a comment.




Member Area