Transfer ownership of Amazon S3 objects to a different AWS account.

For this example we use two accounts, a source account and a destination account, and two buckets, sourcebucket and destinationbucket.

Step 1. Tools

First of all, install the AWS CLI for your OS (Windows, Mac or Linux).

Step 2. Source Account

We need the destination account number. In the destination account, you can find the account number in the Support menu.

After that, go to the bucket (sourcebucket) in the source account and attach the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DelegateS3Access",
      "Effect": "Allow",
      "Principal": {"AWS": "DESTINATION_ACCOUNT_NUMBER"},
      "Action": ["s3:ListBucket", "s3:GetObject"],
      "Resource": [
        "arn:aws:s3:::sourcebucket/*",
        "arn:aws:s3:::sourcebucket"
      ]
    }
  ]
}

Step 3. Destination Account

Let's create and attach a policy to a user/group in the destination AWS account to delegate access to the bucket in the source AWS account.

In the AWS IAM service, create a new policy, a new group and a new user.

  • Create a new policy called s3TransferPolice and attach the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::sourcebucket",
        "arn:aws:s3:::sourcebucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::destinationbucket",
        "arn:aws:s3:::destinationbucket/*"
      ]
    }
  ]
}
  • Create a new group called s3TransferGroup and attach the s3TransferPolice and AmazonS3FullAccess policies.
  • Create a new user called s3TransferUser; under access type, make sure to check programmatic access, and add the user to the s3TransferGroup group.
  • Download the security credentials file for the created user; we'll need it in the next step. (This file contains the access and secret keys.)

Final Step.

  • Go to the terminal and type aws configure:
AWS Access Key ID [None]: s3TransferUser Access Key 
AWS Secret Access Key [None]: s3TransferUser Secret key
Default region name [None]: us-west-2
Default output format [None]: json
  • Now run the following command:
aws s3 sync s3://sourcebucket s3://destinationbucket

This is a simple way to transfer buckets between accounts. :)
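
The sync only works if the source bucket policy from Step 2 and s3TransferPolice from Step 3 both allow each read, on the right ARN form (bucket ARN for listing, object ARN for reads). The check below is an added example, not part of the original procedure or any AWS tool: a simplified model that looks at Allow statements only (no explicit Deny, conditions, ACLs or organization policies), with a constructed account ID and hypothetical function names.

```python
from fnmatch import fnmatchcase

DEST_ACCOUNT = "111122223333"  # constructed placeholder for DESTINATION_ACCOUNT_NUMBER
SRC, DST = "arn:aws:s3:::sourcebucket", "arn:aws:s3:::destinationbucket"

# Bucket policy from Step 2 (attached to sourcebucket in the source account).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DelegateS3Access", "Effect": "Allow",
    "Principal": {"AWS": DEST_ACCOUNT},
    "Action": ["s3:ListBucket", "s3:GetObject"],
    "Resource": [SRC + "/*", SRC]}]}

# s3TransferPolice from Step 3 (identity policy in the destination account).
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": [SRC, SRC + "/*"]},
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": [DST, DST + "/*"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource, account=None):
    """True if an Allow statement matches; Principal is checked only when account is given."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if account is not None:
            p = st.get("Principal", {})
            principals = _as_list(p.get("AWS", [])) if isinstance(p, dict) else [p]
            if not {account, f"arn:aws:iam::{account}:root", "*"} & set(principals):
                continue
        if (any(fnmatchcase(action, a) for a in _as_list(st["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(st["Resource"]))):
            return True
    return False

def cross_account_read(action, resource, bucket_policy=BUCKET_POLICY):
    """Cross-account access needs BOTH the bucket policy and the identity policy to allow."""
    return (allows(bucket_policy, action, resource, account=DEST_ACCOUNT)
            and allows(IDENTITY_POLICY, action, resource))

def sync_preflight(bucket_policy=BUCKET_POLICY):
    """Permissions that `aws s3 sync s3://sourcebucket s3://destinationbucket` relies on."""
    return {
        "list source": cross_account_read("s3:ListBucket", SRC, bucket_policy),
        "get source object": cross_account_read("s3:GetObject", SRC + "/a/b.txt", bucket_policy),
        "list destination": allows(IDENTITY_POLICY, "s3:ListBucket", DST),
        "put destination object": allows(IDENTITY_POLICY, "s3:PutObject", DST + "/a/b.txt"),
    }
```

The check covers s3TransferPolice only. AmazonS3FullAccess, which Step 3 also attaches to the group, allows every S3 action on every resource, so on the identity side the bucket policy in the source account is what actually limits s3TransferUser to listing and reading sourcebucket.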

Reference link.

https://aws.amazon.com/pt/premiumsupport/knowledge-center/account-transfer-s3/