ListBucket, GetObjectTagging, and GetObject access on the source bucket for the destination account. This can be done by adding this statement to the source bucket’s “Bucket policy”:
{
    "Sid": "Any_name_to_identify_the_purpose_of_this_statement",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::DESTINATION_AWS_ACCOUNT_NUMBER:root"
    },
    "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:GetObjectTagging"
    ],
    "Resource": [
        "arn:aws:s3:::SOURCE_BUCKET_NAME/*",
        "arn:aws:s3:::SOURCE_BUCKET_NAME"
    ]
}
Replace the bucket names and the account number in the policy before applying it.
aws s3 sync s3://SOURCE_BUCKET_NAME s3://DESTINATION_BUCKET_NAME
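
For the bucket policy step above, this added example (not part of the original page) fills in the placeholders and merges the grant into a policy that already has statements, since writing a bucket policy replaces the whole document. It emits an equivalent grant split so each action is paired with the resource type it applies to; the function names, Sids and sample policy are constructed for illustration.

```python
import json
import re

READ_BUCKET = ["s3:ListBucket"]                          # bucket-level action
READ_OBJECTS = ["s3:GetObject", "s3:GetObjectTagging"]   # object-level actions

def sync_read_statements(source_bucket, dest_account_id):
    """Build the cross-account read grant, split by resource type."""
    if not re.fullmatch(r"\d{12}", dest_account_id):
        raise ValueError("AWS account IDs are 12 digits")
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]", source_bucket):
        raise ValueError("not a valid S3 bucket name")
    principal = {"AWS": f"arn:aws:iam::{dest_account_id}:root"}
    arn = f"arn:aws:s3:::{source_bucket}"
    return [
        {"Sid": "CrossAccountSyncList", "Effect": "Allow", "Principal": principal,
         "Action": READ_BUCKET, "Resource": arn},
        {"Sid": "CrossAccountSyncRead", "Effect": "Allow", "Principal": principal,
         "Action": READ_OBJECTS, "Resource": f"{arn}/*"},
    ]

def merge_into_policy(existing_policy, new_statements):
    """Return a copy of the policy with the statements added or replaced by Sid."""
    policy = json.loads(json.dumps(existing_policy)) if existing_policy else {
        "Version": "2012-10-17", "Statement": []}
    stmts = policy["Statement"]
    if isinstance(stmts, dict):          # a lone statement may be a bare object
        stmts = [stmts]
    new_sids = {s["Sid"] for s in new_statements}
    kept = [s for s in stmts if s.get("Sid") not in new_sids]
    policy["Statement"] = kept + new_statements
    return policy

# Constructed sample: a source bucket that already carries an unrelated statement.
EXISTING = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-source", "arn:aws:s3:::example-source/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

if __name__ == "__main__":
    grant = sync_read_statements("example-source", "111122223333")
    print(json.dumps(merge_into_policy(EXISTING, grant), indent=2))
```

Because the principal is the destination account's root ARN, the grant delegates to that whole account; the identity that runs the sync there still needs its own IAM permissions for these actions.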