AWS S3 跨账户访问 Cross Account Access

进入S3对应的存储桶，上面选项选权限，存储桶策略 -- 编辑，输入对应的policy。

完全控制，包含上传删除权限，policy如下：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "cross",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789:root"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucket",
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}

只读权限policy：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789:root"
            },
            "Action": "S3:ListBucket",
            "Resource": "arn:aws:s3:::bucket",
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789:root"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*",
            "Condition": {}
        }
    ]
}

其中：

arn:aws:iam::123456789:root --> 123456789替换为对方aws 账户id

arn:aws:s3:::bucket --> bucket替换为共享的S3存储桶名

然后对方账户下即可通过IAM或者Role访问这个S3