How to migrate S3 bucket to another account

Question

I need to move data from an S3 bucket to another bucket, on a different account. I was able to sync buckets by running:

aws s3 sync s3://my_old_bucket s3://my_new_bucket --profile myprofile

myprofile contents:

[profile myprofile]
aws_access_key_id = old_account_key_id
aws_secret_access_key = old_account_secret_access_key

I have also set policies both on origin and destination. Origins allows listing and getting, and destination allows posting.

The commands works perfectly and I can log in to the other account and see the files. But I can't take ownership or make the new bucket public. I need to be able to make changes as I was able to in the old account. New account is totally unrelated to new account. It looks like files are retaining permissions and they are still owned by the old account.

How can I set permissions in order to gain full access to files with the new account?

Answer 1

Add --acl bucket-owner-full-control to your CLI call, so your command should look something like this: aws s3 sync s3://my_old_bucket s3://my_new_bucket --acl bucket-owner-full-control --profile myprofile

bucket-owner-full-control is a canned ACL (In short, a canned ACL is a predefined grant), check this out to see what other options are available and what they do in the S3 Canned ACL documentation.

This will result in the Objects being owned by the destination bucket.

Answer 2

"It looks like files are retaining permissions and they are still owned by the old account."

The uploader of the Object owns it.

As the new bucket is owned by the new account, you can update the bucket ACL to grant the bucket owner full-control permission on objects by passing the grants option. ¹

--grants full=id=canonicalUserId-ofTheBucketOwner

You can view the Canonical ID for the bucket owner from the AWS S3 Console. ²