🪣
Cross-account data transfer
- Create S3 bucket in account A
- Create IAM role / user in account B
- Add IAM inline policy to user:
json
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "*","Resource": "arn:aws:s3:::<bucket>/*"}]}
- Add policy to bucket
json
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"AWS": "arn:aws:iam::<account_id>:user/<user>"},"Action": "*","Resource": ["arn:aws:s3:::<bucket>/*"]}]}