/
🪣

Cross-account data transfer

https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
AWS
  1. Create S3 bucket in account A
  2. Create IAM role / user in account B
  3. Add IAM inline policy to user:
json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "arn:aws:s3:::<bucket>/*"
        }
    ]
}
  1. Add policy to bucket
json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<account_id>:user/<user>"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::<bucket>/*"
            ]
        }
    ]
}
Notes and snippets and things