Practice Now
AWS
S3
file transfer
cloud storage
data migration

Move files directly from one S3 account to another?

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

Start PracticingLearn More

AWS S3 (Amazon Simple Storage Service) is a flexible, reliable, scalable, and secure cloud storage solution offered by Amazon Web Services. One of the frequent use cases involving S3 is transferring files from one S3 bucket to another, often across different AWS accounts. This article provides a comprehensive guide on how to accomplish this task efficiently.

Understanding the Challenges

When transferring files between S3 buckets in different accounts, several factors must be considered:

  1. Security: Ensure that both the source and destination S3 buckets have appropriate permissions set.
  2. Efficiency: Minimize data transfer times without incurring unnecessary costs.
  3. Data Integrity: Ensure that files are not corrupted during the transfer.
  4. Automation: Use scripts or AWS services to automate the transfer process if needed.

Steps to Transfer Files

1. Set Up Permissions

Bucket Policy and IAM Role

Before you start transferring files, you need to set appropriate permissions.

  • Source Bucket:
    • Attach a bucket policy that permits access to the destination account.
json
1{
2    "Version": "2012-10-17",
3    "Statement": [
4        {
5            "Effect": "Allow",
6            "Principal": {
7                "AWS": "arn:aws:iam::<destination-account-id>:role/<destination-role>"
8            },
9            "Action": "s3:GetObject",
10            "Resource": "arn:aws:s3:::<source-bucket-name>/*"
11        }
12    ]
13}
  • Destination Account:
    • Create an IAM role that assumes the required permissions.
json
1{
2    "Version": "2012-10-17",
3    "Statement": [
4        {
5            "Effect": "Allow",
6            "Action": "sts:AssumeRole",
7            "Principal": {
8                "AWS": "arn:aws:iam::<source-account-id>:role/<source-role>"
9            }
10        }
11    ]
12}

2. Use the AWS CLI or SDK for Transfer

AWS CLI

The AWS Command Line Interface (CLI) provides easy-to-use commands for moving files between buckets. Start by assuming the IAM role set in the destination account.

bash
aws sts assume-role \
  --role-arn "arn:aws:iam::<destination-account-id>:role/<destination-role>" \
  --role-session-name AWSCLI-Session

Then, copy files using the aws s3 cp or aws s3 sync command.

bash
1# Copy single file
2aws s3 cp s3://<source-bucket-name>/<file-key> s3://<destination-bucket-name> --source-region <source-region>
3
4# Sync entire bucket
5aws s3 sync s3://<source-bucket-name> s3://<destination-bucket-name> --source-region <source-region>

AWS SDK

For more automated environments, consider using the AWS SDK for languages such as Python, Java, or Node.js.

  • Python Example using Boto3:
python
1import boto3
2
3source_session = boto3.Session(
4    aws_access_key_id=<source_access_key>,
5    aws_secret_access_key=<source_secret_key>
6)
7
8s3_source = source_session.resource('s3')
9bucket = s3_source.Bucket('<source-bucket>')
10
11destination_session = boto3.Session(
12    aws_access_key_id=<destination_access_key>,
13    aws_secret_access_key=<destination_secret_key>
14)
15
16s3_destination = destination_session.resource('s3')
17
18for obj in bucket.objects.all():
19    copy_source = {'Bucket': obj.bucket_name, 'Key': obj.key}
20    destination_bucket = s3_destination.Bucket('<destination-bucket>')
21    destination_bucket.copy(copy_source, obj.key)

3. Verify Transfer and Integrity

After the transfer, it is vital to verify that all files have been successfully moved. You can use:

  • Checksums: Use MD5 hashes to verify data integrity.
  • AWS CLI --dryrun flag: Simulate the operation to verify the correctness of commands.

4. Automate with AWS Lambda

For a fully automated process, consider setting up an AWS Lambda function triggered by S3 events (e.g., s3:ObjectCreated:*). This can automate the transfer whenever new files are added to the source bucket.

Use Case Summary Table

Key AreaDescription
SecuritySet proper IAM roles and policies to allow cross-account access
ToolsUse AWS CLI or SDKs like Boto3 for Python to facilitate moving files
VerificationImplement checksum verification to ensure data integrity
AutomationAutomate transfers using AWS Lambda function triggered by S3 events
EfficiencyUse parallel transfers and multi-threaded programming to optimize data movement

Considerations

  • Cost: Be mindful of potential costs from data transfer and requests. AWS charges data transferred out of a region.
  • Region: Ensure both buckets are in the same region to reduce latency and costs whenever possible.
  • Scalability: For large datasets, consider splitting the data and utilizing batch processing.

Transferring files between S3 buckets across AWS accounts is manageable with the right setup and tools. The steps outlined facilitate secure, efficient, and automated file migration.

Course illustration
Course illustration
Codemia
© 2026 Codemia
Resources
Legal
Social
All Rights Reserved.