您不必向所有人开放权限。使用以下关于源和目标的存储桶策略,使用 IAM 用户从一个账户中的存储桶复制到另一个账户
以下策略意味着 - IAM 用户 - XXXX–XXXX-XXXX:src–iam-user 拥有 s3:ListBucket 和 s3:GetObject 特权 on SourceBucket/* 和 s3:ListBucket 和 s3:PutObject DestinationBucket/* 特权
在 SourceBucket 上,政策应该是这样的:
{
"Id": "Policy1357935677554",
"Statement": [{
"Sid": "Stmt1357935647218",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::SourceBucket",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}, {
"Sid": "Stmt1357935676138",
"Action": ["s3:GetObject"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::SourceBucket/*",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}]
}
在 DestinationBucket 上,策略应该是:
{
"Id": "Policy1357935677555",
"Statement": [{
"Sid": "Stmt1357935647218",
"Action": ["s3:ListBucket"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::DestinationBucket",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}, {
"Sid": "Stmt1357935676138",
"Action": ["s3:PutObject"],
"Effect": "Allow",
"Resource": "arn:aws:s3:::DestinationBucket/*",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}]
}
要运行的命令是s3cmd cp s3://SourceBucket/File1 s3://DestinationBucket/File1