Is copying an S3 bucket from one AWS account to another AWS account secure in transit?

Question

I am looking to copy the contents of one S3 bucket to another S3 bucket in a different account. I found the following tutorial and tested it with non confidential files - https://medium.com/tensult/copy-s3-bucket-objects-across-aws-accounts-e46c15c4b9e1

I am wondering if any data that is transferred between accounts using this method is secure - as in encrypted in transit. Is it using AWS to do a direct copy or is it using the computer running the sync as the middle man - download to the computer then uploading to the destination bucket. I do have AES-256 (Use Server-Side Encryption with Amazon S3-Managed Keys) enabled on the source S3 bucket. I did see a recommendation about using AWS-KMS but it was not clear if that would do what I need. Just want to make sure the S3 transfer between one account to the other is secured!

Answer 1

When using the cp or sync commands, the objects are always copied "within S3". The objects are not downloaded and uploaded.

If you are copying data between buckets, and the buckets are in the same region then the traffic is totally within the AWS "backplane", so it never goes to the Internet or to a VPC. I believe that it is also encrypted while being copied.

If you are copying between regions, the data is encrypted as it travels across the AWS network between the regions. (Note: Data Transfer charges will apply.)