Transfer full s3 from one account to another | Moving Large S3 Files using dataSync Across Account

No video

Transfer full s3 from one account to another | Moving Large S3 Files using dataSync Across Account

Рет қаралды 8,952

Күн бұрын

If you're Transferring large S3 buckets across AWS accounts you can do that in multiple ways. In this video, I will explain how you can do it using dataSync aws which is 10x faster than normal transfer.
===================== Source bucket policy =====================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::DIST_ACCOUNT_ID:role/datasync-role",
"arn:aws:iam::DIST_ACCOUNT_ID:user/distention_account_logged_in_user"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::rource_bucket"
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::DIST_ACCOUNT_ID:role/datasync-role",
"arn:aws:iam::DIST_ACCOUNT_ID:user/distention_account_logged_in_user"
]
},
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObjectTagging",
"s3:GetObjectTagging",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::source_bucket/*"
}
]
}
=================Distention account role policy==================
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::source_bucket"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:GetObjectTagging",
"s3:ListBucket",
"s3:PutObjectTagging"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::source_bucket/*"
}
]
}
=============== Distention Bucket policy ==================
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "DataSyncCreateS3LocationAndTaskAccess",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::DIST_ACCOUNT_ID:role/datasync-role",
"arn:aws:iam::DIST_ACCOUNT_ID:user/distention_account_logged_in_user"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:GetObjectTagging",
"s3:PutObjectTagging"
],
"Resource": [
"arn:aws:s3:::dist_bucket",
"arn:aws:s3:::dist_bucket/*"
]
}
]
}
===================== AWS CLI command =====================
aws datasync create-location-s3 --s3-bucket-arn arn:aws:s3:::s3-source-01 --s3-storage-class STANDARD --s3-config BucketAccessRoleArn="arn:aws:iam::1234567890:role/datasync-role" --region us-east-1

Пікірлер: 35

@WilliamVirkin 15 күн бұрын

this video explain WAY BETTER than the official documentation in AWS and also that documentation has a lot of inconsistency.

@fahadsayed6933 2 ай бұрын

works like a charm! .. thank you very much. It saved me a lot of time.

@InternalAmbition Жыл бұрын

This video is great! Thank you

@marxito0 20 күн бұрын

excellent thank

@civil5109 Жыл бұрын

Thanks jdk develoment its is working now

@jdkDevelopmentOfficial Жыл бұрын

Pleasue

@jogurt5661 Жыл бұрын

Great work, thx

@BeSavage177 Жыл бұрын

Thanks for this!! Does this support accounts across different organizations so data can be transferred to various clients if needed?

@jdkDevelopmentOfficial Жыл бұрын

Yes it does!

@syednawaz819 Жыл бұрын

It helped. Thanks a lot.

@oblivster 10 ай бұрын

🔥🔥🔥

@ravitejanimma3831 Жыл бұрын

I have followed your steps, and faced same error. "DataSync location access test failed: could not perform s3:HeadBucket on bucket Access denied. Ensure bucket access role has s3:ListBucket permission."

@user-wj5qx7di9i Жыл бұрын

not the best approach, but instead of using IAM role/ IAM user i used root user and instead of this string "arn:aws:iam::DIST_ACCOUNT_ID:user/distention_account_logged_in_user" try this: "arn:aws:iam::DIST_ACCOUNT_ID:root", this worked for me

@tharunyarramreddy4183 Жыл бұрын

@@user-wj5qx7di9i if we dont have root user what is the alternative approach

@AasthaKasera Жыл бұрын

@@user-wj5qx7di9i Thanks a lot, this worked for me.

@moforel 7 ай бұрын

Great Video! Is it possible to use datasync to transfer only objects with a specific tag? If so how?

@gigadanelia8339 Жыл бұрын

Thanks!

@bakhodiryakubov3981 Ай бұрын

Can you move from Acccount1 West region to Account2 East region as well?

@user-wp5ci6tg1o Жыл бұрын

great video! one question, is object ownership disabled in the source account?

@jdkDevelopmentOfficial Жыл бұрын

yes

@user-zf8jt4vj6l Жыл бұрын

How is the EFS to EFS procedure between different accounts?

@arsaphone 7 ай бұрын

Hi sir, this policy wont do anything harm to source s3 right? for example the source bucket cannot be accessible bcs the policy

@jdkDevelopmentOfficial 6 ай бұрын

No there's nothing harm this policy is not for public It's for specific entity.

@munchback9006 Жыл бұрын

Hi! can you please help i am getting this error while creating task : last step of the video Failed to create task Request ID: Action datasync:CreateTask Status code 400 API response DataSync location access test failed: could not perform s3:HeadBucket on bucket careem-pubweb-staging. Access denied. Ensure bucket access role has s3:ListBucket permission.

@munchback9006 Жыл бұрын

i need to allow full access on datasync of source account to my cli user ?

@jdkDevelopmentOfficial Жыл бұрын

No need for full access but I think you're missing S3:ListBucket permission.

@anubhavbiswas4142 Жыл бұрын

Does this feature involves cost? If I want to move millions of objects to another AWS account, will this incur any cost?

@jdkDevelopmentOfficial Жыл бұрын

Yes, It's costing but not too much you can find more details in their pricing module.

@anubhavbiswas4142 Жыл бұрын

@@jdkDevelopmentOfficial thank you.. Yes i went through the pricing.. Thank you for this informative video

@durantapatra443 Жыл бұрын

how to transfer 1GB single file ?

@jdkDevelopmentOfficial Жыл бұрын

You can transfer 1GB file using"aws sync" using aws cli.

@siriusleto3758 4 ай бұрын

If you use MFA it will be more complicated. They never explain it in the tutorial.

@user-jl6cj3sj6r 11 ай бұрын

Hi @jdkDevelopmentOfficial I followed your steps, but I got an error DataSync location access test failed: could not perform s3:GetObject in bucket source11. Access denied. Ensure bucket access role has s3:GetObject permission.

@jawadali7728 10 ай бұрын

Make sure you have get files permission in source account.

29 күн бұрын

i put "s3:GetObject", in the firts statement on the source role and works