AWS S3 cross account access

Steps to grant Locale account access to your S3

Follow the steps below to grant the Locale account access to your S3 bucket. A reference AWS link is included at the end.

S3 bucket access steps

1. Navigate to your S3 bucket in the AWS console and go to Permissions.

2. In the Permissions tab of the S3 bucket, scroll down to the bucket policy and click the Edit button.

3. In the bucket policy, add the following JSON to give Locale access to your bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::430692669414:user/gaia-extraction-user"
            },
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::{AccountABucketName}/*"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::430692669414:user/gaia-extraction-user"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::{AccountABucketName}"
        }
    ]
}

Note: Replace {AccountABucketName} with the name of your bucket. To grant more limited access, you can specify a folder within the bucket in the Resource element, such as "Resource": "arn:aws:s3:::AccountABucketName/FolderName/*".

Here is the bucket policy JSON to set in order to give access to a specific folder:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::430692669414:user/gaia-extraction-user"
            },
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::{AccountABucketName}/{folder_name}/*"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::430692669414:user/gaia-extraction-user"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::{AccountABucketName}",
            "Condition": {
                "StringEquals": {
                    "s3:prefix": "{folder_name}/"
                }
            }
        }
    ]
}

This bucket policy allows Locale to list the objects in the bucket and read any file present in the bucket. For more information regarding S3 cross-account access, please refer to the official AWS documentation.
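Before saving the policy, it can be checked offline against what this page intends to grant. The script below is an added example, not code from Locale or AWS: `audit_policy` is a hypothetical helper, `example-bucket` and `exports` are constructed placeholder names, and it assumes the bucket policy contains only the Locale statements.

```python
import json

# Principal ARN as given in the bucket policy on this page.
LOCALE_PRINCIPAL = "arn:aws:iam::430692669414:user/gaia-extraction-user"
READ_ONLY = {"s3:GetObject", "s3:ListBucket"}

def as_list(value):
    # IAM accepts either a single string or a list for these elements.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket, folder=None):
    """Return findings; an empty list means every Allow matches the page's policy."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/{folder}/*" if folder else f"{bucket_arn}/*"
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        arns = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if arns != [LOCALE_PRINCIPAL]:
            findings.append(f"statement {i}: unexpected principal {arns}")
        for action in as_list(st.get("Action", [])):
            if action not in READ_ONLY:
                findings.append(f"statement {i}: action {action} is not read-only")
            expected = bucket_arn if action == "s3:ListBucket" else object_arn
            if as_list(st.get("Resource", [])) != [expected]:
                findings.append(f"statement {i}: {action} should target {expected}")
            if action == "s3:ListBucket" and folder:
                prefix = st.get("Condition", {}).get("StringEquals", {}).get("s3:prefix")
                if prefix != f"{folder}/":
                    findings.append(f"statement {i}: ListBucket not limited to {folder}/")
    return findings

# Constructed samples: "example-bucket" and "exports" are placeholder names.
FOLDER_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::430692669414:user/gaia-extraction-user"},
   "Action": "s3:GetObject", "Resource": ["arn:aws:s3:::example-bucket/exports/*"]},
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::430692669414:user/gaia-extraction-user"},
   "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
   "Condition": {"StringEquals": {"s3:prefix": "exports/"}}}]}""")
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    print(audit_policy(FOLDER_POLICY, "example-bucket", "exports"))  # []
    for finding in audit_policy(TOO_BROAD, "example-bucket"):
        print(finding)
```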

Once you are done with all these steps, you need to provide us with the bucket name in order for us to get started with the integration.
