How to transfer an Amazon S3 bucket to another account?

22,605

Solution 1

S3 Buckets cannot be transferred between accounts. At least in the simple sense of "here is my bucket, now it is your bucket". Everyone seems to use some form of copying. If you have permission to both your original bucket and their destination bucket then you can use the AWS CLI and just

aws s3 sync s3://bucket1 s3://bucket2

Have you tried adding their account as an ALL PERMISSION user to one of your buckets? http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-creatingrole-policyexamples.html

Then login as their account and see if they can then edit the policy to remove your original account? Not sure how the billing would turn out since you created the bucket.

Solution 2

If you are going to do this frequently then you should create a new account per customer and then transfer ownership of the whole account to the client. See Consolidated billing and Organisations.

22,605

rustyx

Please be positive and stop the trolling!!! Update May 12, 2022. The US is fighting a hybrid proxy-information war. I don't normally comment on politics and I don't give a rat's about Russia or China, but what the US is doing is very, very disturbing. They must stop before it's too late! Brian Berletic - An update on what's really happening in Ukraine Scott Ritter - Ukraine, Finland and Nato, a Warning to the People of Finland Jimmy Dore - on what happened in Ukraine in 2014 Brian Berletic - Washington Preps Taiwan to be Asia's "Ukraine"

Updated on May 11, 2020

Comments

rustyx over 2 years

I configure AWS instances for clients, and I need to transfer everything to them at the end, so that the billing for AWS and S3 usage also goes on their accounts.

I know there is a way to "transfer" an EC2 instance via AMI sharing, but is there a way to transfer ownership or share S3 buckets as well? (Preferably avoid making a copy but transfer the original bucket itself).
rustyx over 7 years

I think this would work, but I ended up simply creating a dedicated account and transferring its credentials to my client.
Michael Johnston almost 7 years

I went through the iam cross-account roles tutorial, but still when I do aws s3 sync s3://bucket1 s3://bucket2 I get A client error (AccessDenied) occurred when calling the ListObjects operation: Access Denied regardless of which accounts credentials I use.
rooscous over 4 years

Is there a way to copy all versions of objects as well. It looks like s3 sync and cp --recursive both do not preserve versions.
Ralph Bolton over 4 years

I just tried an ALL PERMISSIONS user, and it does indeed grant access sufficiently well. However, it seems it's not possible to deny the original owner completely - even with Deny on s3:*, the original owner can still see the bucket and get to the policy.
fdm about 3 years

If I am not wrong this procedure will copy the content of one bucket with a name in to another bucket with a different name, but the interesting thing would be to move the bucket keeping the same name
peetasan almost 2 years

@fdm you can't use the same name since bucket names are globally unique. You'd need a temporary bucket, remove the objects from the old bucket, delet the bucket, recreate it in the other account and move the objects from the temp bucket.