In this article, we discuss how to permit user in another AWS account to upload objects to an S3 bucket.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how our techs grant this cross-account access.
Permit user in another AWS account to upload objects to S3 bucket
Moving ahead, let us discuss how we can perform the same.
To grant an IAM user from Account A the access to upload objects to an S3 bucket in Account B, our Support Techs recommends the steps below:
1. Initially, from Account A, we attach a policy to the IAM user.
In addition, this policy must allow the user to run the s3:PutObject and s3:PutObjectAcl actions on the bucket in Account B.
For example:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET",
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
]
}
]
}
Users require the s3:PutObjectAcl permission that specifies an object access control list (ACL) during the upload.
Failure of which will lead the users to get an Access Denied error when they upload an object with an ACL.
2. After that, from Account A, we get the Amazon Resource Name (ARN) of the IAM user.
3. Then, from Account B, we attach a bucket policy that grants the IAM user in Account A permission to run s3:PutObject and s3:PutObjectAcl actions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DelegateS3Access",
"Effect": "Allow",
"Principal": {"AWS": "arn:aws:iam::999999999999:user/UploadData"},
"Action": ["s3:PutObject", "s3:PutObjectAcl"],
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET",
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
]
}
]
}
It is important to make note that, for the value of Principal, we need to enter the ARN of the IAM user in Account A.
Once we set up the IAM user policy in Account A and bucket policy in Account B, the IAM user can upload objects to Amazon S3.
[Need help with the access permission? We’d be happy to help you out]
Conclusion
To conclude, we saw how our Support Techs permit users easily.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
