I have an Account A uploading objects to an S3 bucket in Account B. The objects are read by Account C.

To provide Account C the permission to access these objects, I have to add its canonical ID to the ACL of the objects. I am trying to do this in yml, but is there a better way to specify the canonical ID other than hardcoding its value?

acl.grantPermission(new CanonicalGrantee( "29a4a34fg7b381fe444fca8404032f2cb1sdgsd216d7098a2sgsdg7b0ab28cbd84gh4y"), Permission.Read);
Tisha
  • Have you considered adding a Bucket Policy that grants access to Account C for all objects (or all objects in a given path)? That way, the permissions do not need to be added to each object individually. – John Rotenstein Mar 02 '21 at 22:42

1 Answer

You can set Object Ownership to Bucket owner preferred and add the resource policy for Account C in the bucket policy (Account B). This way, all the objects pushed to the account will have the bucket policy applicable.
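
A CloudFormation sketch of the setup this answer describes, as an added example that is not part of the original answer. The parameter and resource names are assumptions, and Account A's existing permission to upload is assumed to be granted elsewhere. With Bucket owner preferred, Account B only becomes the object owner when the upload carries the `bucket-owner-full-control` canned ACL, and the bucket policy grant to Account C only applies to objects Account B owns, so the template also rejects uploads that omit it.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Account B bucket readable by Account C without per-object ACL grants (added example)

Parameters:
  UploaderAccountId:        # Account A; parameter name is an assumption
    Type: String
    AllowedPattern: "^[0-9]{12}$"
  ReaderAccountId:          # Account C; parameter name is an assumption
    Type: String
    AllowedPattern: "^[0-9]{12}$"

Resources:
  SharedBucket:             # deployed in Account B
    Type: AWS::S3::Bucket
    Properties:
      OwnershipControls:
        Rules:
          # Account B takes ownership of objects uploaded with the
          # bucket-owner-full-control canned ACL.
          - ObjectOwnership: BucketOwnerPreferred

  SharedBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref SharedBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Refuse uploads from Account A that would leave the object owned
          # by Account A (header missing or set to a different ACL).
          - Sid: DenyUploadsWithoutOwnerFullControl
            Effect: Deny
            Principal:
              AWS: !Sub "arn:aws:iam::${UploaderAccountId}:root"
            Action: s3:PutObject
            Resource: !Sub "${SharedBucket.Arn}/*"
            Condition:
              StringNotEquals:
                "s3:x-amz-acl": bucket-owner-full-control
          # Read access for Account C by account ID; no canonical ID needed.
          - Sid: AllowReaderGetObject
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${ReaderAccountId}:root"
            Action: s3:GetObject
            Resource: !Sub "${SharedBucket.Arn}/*"
```

Principals in Account C still need an IAM policy in their own account that allows `s3:GetObject` on this bucket, and objects uploaded before the ownership setting was applied remain owned by Account A.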