Using Skeddly, you can copy objects from one S3 bucket to another S3 bucket. The source and target buckets can be in the same AWS region, or they can be in different AWS regions.
In addition, you can copy S3 objects between buckets in different AWS accounts.
Push Or Pull?
When copying S3 objects between AWS accounts, the copy is executed by the owner of the source bucket, or by the owner of the target bucket.
When copying objects as the owner of the source bucket, you are "pushing" objects to the target bucket. The target bucket must have granted access to the owner of the source bucket to write new objects.
When copying objects as the owner of the target bucket, you are "pulling" objects from the source bucket. The source bucket must have granted access to the owner of the target bucket to read existing objects.
In these instructions, we will "pull" objects from the source bucket. The reason being that objects metadata is not properly copied when objects are "pushed".
Step 1: Configure the S3 Buckets
In order to read or write objects in another AWS account, you must apply a bucket policy to the bucket. In this case, you apply a bucket policy to the source bucket to allow the target AWS account to read objects from it.
Apply the above policy to your source bucket. It grants access to the target AWS account. You must change the following:
- You must replace
123456789012with the 12-digit account number of the target AWS account, and
- You must replace
BUCKET_NAMEwith the name of the source bucket, twice
Note: The use of
arn:aws:iam::123456789012:root in the
Principal property of the policy signifies the target AWS account as a whole. It does not mean "root credentials".
Step 2: Create AWS Credentials For Skeddly
Like any other actions, Skeddly needs access to your AWS account. For this operation, Skeddly needs access to the AWS account that owns the target bucket.
Once you have credentials registered with Skeddly, either pre-existing or newly registered, proceed to the next step.
Step 3: Create Your Action
- Create a new "Copy S3 Objects" action.
- Name the action appropriately.
- Choose your desired execution schedule.
- From the
Credentialsfield, select the AWS account that owns the target S3 bucket.
- In the
Source Informationsection, specify the source bucket and source prefix (if desired). If the source prefix is specified, only objects under that prefix will be copied, otherwise all objects in the bucket will be copied.
- In the
Target Informationsection, specify the target bucket along with your desired overwrite rule and target prefix.
- Save your action.
Step 4: Generate an IAM Policy Document
Use Skeddly's IAM Policy Document Generator to generate an IAM policy with the necessary commands to execute the copy process. Copy and paste that generated policy into your AWS credentials using the AWS Management Console.
Step 5: Execute and Copy
When your action executes (either manually or on it's schedule), the objects should be copied.