CREATIVE CHAOS   ▋ blog

Share AWS S3 Bucket With Another AWS Account

PUBLISHED ON 27/10/2020 — EDITED ON 11/12/2023 — SYSOPS

Obtain the user's AWS Canonical ID

# aws s3api list-buckets --query Owner.ID --output text
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Create new bucket

Amazon AWS console / S3 /

Create Bucket: “new-bucket”.

Allow public access

Amazon AWS console / S3 / new-bucket / Permissions / Block Public Access

Set Block Public Access to OFF.

Edit ACL

Amazon AWS console / S3 / new-bucket / Permissions / Access Control List

Add permissions for the obtained Canonical ID.

Edit policy

Amazon AWS console / S3 / new-bucket / Permissions / Bucket Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "CanonicalUser": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::new-bucket/*"
        }
    ]
}
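
An added example, not part of the original post: a Python check to run on the policy text before pasting it into the console. It confirms that every Allow statement grants only s3:GetObject on the bucket's objects to the one expected canonical ID, which is worth verifying here because Block Public Access has been switched off. The function names and the sample canonical ID are assumptions made for this illustration.

```python
import json
import re

CANONICAL_ID = re.compile(r"[0-9a-f]{64}")  # canonical user IDs are 64 hex characters

def as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_share_policy(policy_text, bucket, canonical_id):
    """Return findings; an empty list means every Allow statement grants only
    s3:GetObject on the bucket's objects to the one expected canonical user."""
    findings = []
    if not CANONICAL_ID.fullmatch(canonical_id):
        findings.append("expected canonical ID is not 64 hex characters")
    object_arn = f"arn:aws:s3:::{bucket}/*"
    statements = as_list(json.loads(policy_text).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append(f"statement {i}: Principal is '*' (anyone)")
        elif not isinstance(principal, dict):
            findings.append(f"statement {i}: missing or unsupported Principal")
        else:
            for kind, values in principal.items():
                for value in as_list(values):
                    if kind != "CanonicalUser" or value != canonical_id:
                        findings.append(f"statement {i}: unexpected principal {kind}={value}")
        for action in as_list(stmt.get("Action", "<missing>")):
            if action != "s3:GetObject":
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in as_list(stmt.get("Resource", "<missing>")):
            if resource != object_arn:
                findings.append(f"statement {i}: unexpected resource {resource}")
    return findings

def policy_for(principal):
    """Build the page's policy with the given Principal (constructed sample input)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": principal,
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::new-bucket/*"}]})

SAMPLE_ID = "0123456789abcdef" * 4  # made-up canonical ID, not a real account
GOOD_POLICY = policy_for({"CanonicalUser": SAMPLE_ID})
PUBLIC_POLICY = policy_for("*")  # constructed counter-example: open to everyone

if __name__ == "__main__":
    print(audit_share_policy(GOOD_POLICY, "new-bucket", SAMPLE_ID))
    print(audit_share_policy(PUBLIC_POLICY, "new-bucket", SAMPLE_ID))
```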

Test

# aws s3 sync s3://new-bucket/ .