0

I ve been trying to copy a bucket content from S3 to another bucket following these instructions :

http://blog.vizuri.com/how-to-copy/move-objects-from-one-s3-bucket-to-another-between-aws-accounts

I have a destination bucket (where I want to copy the content) and a source bucket.

On the destination side, I created a new user with the following user's policy :

{
  "Version": "2012-10-17",
  "Statement": [
     {
         "Effect":"Allow",
         "Action":[
            "s3:ListAllMyBuckets"
         ],
         "Resource":"arn:aws:s3:::*"
      },
      {
         "Effect":"Allow",
         "Action":[

              "s3:GetObject"             
              ],
         "Resource":[

              "arn:aws:s3:::to-destination/*"
              ]
      },
    {
      "Effect": "Allow",
      "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
            ],
      "Resource": [
              "arn:aws:s3:::to-destination"

            ]
    }

  ]
}

and created the destination bucket.

On the source side I have the following policy for the bucket :

{
    "Version": "2008-10-17",
    "Id": "Policy****",
    "Statement": [
        {
            "Sid": "Stmt****",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "*****"
        }
    ]
}

When I try to copy the content of the source to destination using the aws cli :

aws s3 sync s3://source-bucket-name  s3://destination-bucket-name

I always get this error

An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied
Completed 1 part(s) with ... file(s) remaining

What am I doing wrong ? Is there a problem in the way my policies are drafted ?

UPDATE

I also tried following this post that suggests updating source bucket policy and destination bucket policy :

https://serverfault.com/questions/556077/what-is-causing-access-denied-when-using-the-aws-cli-to-download-from-amazon-s3

but I am still getting the same error on the command line

Community
  • 1
  • 1
David Geismar
  • 3,152
  • 6
  • 41
  • 80

2 Answers2

0

Have you configured your account from the CLI using $ aws configure ? And you can use the policy generator to verify if the custom policy you mentioned above is built correctly.

akhila
  • 720
  • 2
  • 7
  • 17
0

This error due to SSL verification. Use this code to transfer objects to new bucket with no verification of SSL.

aws s3 sync s3://source-bucket-name  s3://destination-bucket-name --no-verify-ssl

use --no-verify-ssl

Dimuthu
  • 1,611
  • 1
  • 14
  • 16