Walkthrough 2: To grant cross-account bucket permissions
If you own several AWS accounts (for example, Account A and Account B for different projects) and want one account to access resources such as buckets or objects owned by another, for example, you want Account A to allow Account B to access the objects or buckets of Account A, you can grant that access using cross-account permissions.
The following diagram shows how AWS Account A grants permissions to access the S3 bucket, and how the Admin IAM user in AWS Account B delegates those permissions to a different IAM user in its account for this walkthrough.
To summarize, what you need to do is:
Create a bucket policy in Account A, granting cross-account permission to Account B to perform specific operations.
Attach a user policy in Account B to the IAM user to delegate permissions from Account A.
Verify that the IAM user in Account B is granted permissions to access objects in the bucket owned by Account A.
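The three steps above as an added example (not part of the original walkthrough, and not AWS's own policy evaluation code): the two policy documents plus a simplified evaluator showing that the IAM user in Account B gets only what both the bucket policy and the user policy allow. The bucket name, account ID and helper functions are hypothetical placeholders.

```python
import fnmatch

# Placeholder values (assumptions, not taken from the walkthrough).
BUCKET = "examplebucket"
ACCOUNT_B = "111122223333"

# Step 1: bucket policy in Account A; the principal is Account B as a whole.
bucket_policy = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_B}:root"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
}]}

# Step 2: user policy attached in Account B; delegates only s3:GetObject.
user_policy = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": f"arn:aws:s3:::{BUCKET}/*",
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource, caller_account=None):
    """True if an Allow statement covers the request. Simplified model:
    no Deny statements, no Condition keys, case-sensitive matching."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if caller_account is not None:  # resource policy: check the principal
            trusted = _as_list(st.get("Principal", {}).get("AWS", []))
            if f"arn:aws:iam::{caller_account}:root" not in trusted:
                continue
        if (any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(resource, r)
                        for r in _as_list(st["Resource"]))):
            return True
    return False

def cross_account_allowed(bucket_pol, user_pol, account, action, resource):
    """Step 3: the request succeeds only if BOTH policies allow it."""
    return (allows(bucket_pol, action, resource, caller_account=account)
            and allows(user_pol, action, resource))

if __name__ == "__main__":
    obj = f"arn:aws:s3:::{BUCKET}/report.txt"
    print(cross_account_allowed(bucket_policy, user_policy, ACCOUNT_B, "s3:GetObject", obj))
    print(cross_account_allowed(bucket_policy, user_policy, ACCOUNT_B,
                                "s3:ListBucket", f"arn:aws:s3:::{BUCKET}"))
```

Here s3:ListBucket is refused for the user even though the bucket policy grants it to Account B, because the user policy in Account B never delegates it.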
We...