Copy files from one AWS account's S3 bucket to another AWS account's S3 bucket + using NodeJS

Question

How to copy files from source AWS account's S3 bucket into destination S3 bucket which is on a different AWS account using NodeJS ?

i.e, from S3 in AWS Account A to S3 in AWS Account B

Answer 1

Did you try the copyObject method?

Use Bucket and Key to indicate the destination and CopySource to indicate the source object. Make sure your creds have permission to both read the source object and write the destination object.

Ideally, improve the security of your copy by asserting the AWS account ID of the destination bucket in ExpectedBucketOwner, if you know it.

Here's an untested example:

const s3 = new AWS.S3();

const params = {
  Bucket: 'destbucket', 
  CopySource: 'srcbucket/srcfolder/file.txt', 
  Key: 'destfolder/file.txt'
};

const result = await s3.copyObject(params).promise();

If you need to assume a role that allows access to both buckets, then use some variant of this code to get STS credentials and an S3 client object:

const sts = new AWS.STS({ region: 'us-west-2' });

const role_params = {
  RoleArn: 'arn:aws:iam::1234567890:role/yourrole',
  RoleSessionName: 'optional-name',
  ExternalId: 'some-optional-value',
  DurationSeconds: 3600,
};

const res = await sts.assumeRole(role_params).promise();

const cred_params = {
  accessKeyId: res.Credentials.AccessKeyId,
  secretAccessKey: res.Credentials.SecretAccessKey,
  sessionToken: res.Credentials.SessionToken,
};

const s3 = await new AWS.S3(cred_params);

To understand the permissions needed for cross-account S3 access, see How can I provide cross-account access to objects that are in Amazon S3 buckets?