I have an account 'A' where Elemental MediaConvert service is running. The output file must be placed in the S3 bucket of account 'B'. I am able to set this up by using an IAM role in account 'A' and setting the canned ACL to 'bucket-owner-full-control'. This way, account 'A' is the owner of the object and account 'B' has full control over the object. I am using a Lambda function to pass the IAM role and submit the MediaConvert job. This implementation works perfectly.
However, I now have a requirement that account 'B' must also be the owner of the object. I can probably have MediaConvert place the outputs in an S3 bucket in account 'A' directly, and then have another Lambda function copy the object over to account 'B' assuming a suitable IAM role from account 'B'. But, I want to achieve this by using just the MediaConvert service and maybe a suitable cross-account role from account 'B'. Thay way, I will have less code to maintain overall.
Is it possible to set up the workflow this way? Any help would be greatly appreciated. Thanks!
