I am trying to copy a file from an existing bucket, to another bucket. I tried the copy and sync command , but it fails . I am assuming, that the bucket owner doesn’t have full access to this file/object. where/how can i find the access/permission info for this object via cli. also , when we copy files from one bucket to another , say via aws s3 cp or sync command , how do i give full access to the owner of the destination bucket?
2
Answers
If an object is copied to a bucket in a different account, then ownership of the object stays with the IAM entity that copied the object.
This can be avoided by specifying
--acl bucket-owner-full-controlwhen copying the object.To see the current owner, you can to call
aws s3api list-objectsand view the Owner ID. It is a long, unfriendly reference.When copying a file from one bucket to another, the owner of the destination bucket must grant the source bucket owner permissions to store the replicas. This can be done by creating an IAM role and then specifying that role in the replication configuration. Additionally, the object owner must grant permissions to the bucket owner using an object ACL. The bucket owner can then delegate those object permissions to others, to users in its own account, or to another AWS account. The bucket owner can also create an IAM role with permissions to perform specific operations (such as get object) and allow another AWS account to assume that role. Anyone who assumes the role can then access objects. [1] If an invalid ACL is specified or bucket ACL permissions grant access outside of the AWS account, an error response will be returned. [2]
[1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example4.html
[2] https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-ownership-error-responses.html