Showing posts with label S3 IAM Policy. Show all posts

S3 CROSS ACCOUNT ACCESS WITH FOLDER RESTRICTION

 

This document shows how to grant a user cross-account access to an S3 bucket and restrict that access to a single folder. It can be a very useful cost-saving measure, because you don't have to duplicate the data in a QA bucket, while the data stays safe because you are granting only read access.

Problem:- We want to allow the QA user (qauser) to get files from the Production bucket (prodbucket), but it should only be able to access folder1 in prodbucket. Both the Production user (produser) and qauser should also be able to access the buckets in their own accounts.
The hierarchy of the prod bucket is prodbucket/folder1.

Solution:-