s3.copy with SourceClient not working if we use different account .
See original GitHub issueself.source_session = boto3.session.Session ( profile_name='account1' )
self.source_conn = self.source_session.resource('s3')
self.src_conn = self.source_session.client('s3')
self.dest_session = boto3.session.Session ( profile_name='account2' )
self.dest_conn = self.dest_session.client ( 's3' )
k = self.source_conn.Object(srcBucketName, key_name)
print 'copy: ' + k.key
copy_source = { 'Bucket': srcBucketName , 'Key': k.key }
self.dest_conn.copy ( copy_source, dstBucketName , k.key, SourceClient = self.src_con)
Error - ClientError: An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied
Issue Analytics
- State:
- Created 6 years ago
- Comments:8 (4 by maintainers)
Top Results From Across the Web
Troubleshoot issues copying an object between S3 buckets
I'm trying to copy an object from one Amazon Simple Storage Service (Amazon S3) bucket to another, but it's not working. How can...
Read more >How to copy files between S3 buckets in 2 different accounts ...
The CopyObject() command can be used to copy objects between buckets without having to upload/download. Basically, the two S3 buckets ...
Read more >Copy Amazon S3 objects from another AWS account
I want to copy Amazon Simple Storage Service (Amazon S3) objects across AWS accounts. Then, I want to make sure that the destination...
Read more >S3 — Boto3 Docs 1.26.34 documentation - AWS
When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set...
Read more >How to copy data from one S3 bucket to another S3 bucket in same ...
Before you can use this procedure, the users in the other AWS account must share the files in their Amazon S3 bucket with...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
The documentation for
SourceClient
is quite vague:A user might reasonably infer that the
SourceClient
is used for reading the source object.After reading issues/1310 (this issue), it seems to me that the official boto3 documentation is deficient and misleading. If the underlying client/session credentials are used to both read the source objects and write the target objects, rather than SourceClient being used for the former, then the documentation would ideally state this very clearly. Would you consider updating the documentation to clarify this?
This tutorial worked for me https://blog.vizuri.com/how-to-copy/move-objects-from-one-s3-bucket-to-another-between-aws-accounts . I needed a policy in the s3 source bucket and a role-policy in the destination account with both the source and the destination buckets as resources. In other cases the error is more meaningful and related to the needed policies but just a CopyDenied error is a bit confuse