{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::SOURCE-BUCKET",
"arn:aws:s3:::SOURCE-BUCKET/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::DESTINATION-BUCKET",
"arn:aws:s3:::DESTINATION-BUCKET/*"
]
}
]
}
จากนั้นให้ attach policy นี้ กับ user ที่จะใช้คำสั่ง copy
{
"Version": "2012-10-17",
"Id": "Policy1611277539797",
"Statement": [
{
"Sid": "Stmt1611277535086",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::222222222222:user/ek"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::DESTINATION-BUCKET/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Sid": "Stmt1611277877767",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::222222222222:user/ek"
},
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::DESTINATION-BUCKET"
}
]
}
ตรง arn:aws:iam::222222222222:user/ek
คือ ID ของ user ต้นทางนะครับ
aws s3 mv s3://SOURCE-BUCKET/1653363384734.jpg s3://DESTINATION-BUCKET/1653363384734.jpg --acl bucket-owner-full-control
ถ้าสำเร็จมันก็จะตอบกลับมาว่า ย้ายแว้วว