Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
303 views
in Technique[技术] by (71.8m points)

amazon web services - Accessing a commercial s3 bucket from a govcloud ec2 instance

I have a s3 bucket inside a commercial aws account. My ec2 instances are inside a govcloud s3 account. Tried to create an IAM role inside the govcloud account and picked the option for "Another AWS Account" and put down the commercial aws account number but it doesn't let me setup this trust. Keeps throwing this error: Invalid principal in policy: "AWS":"[the commercial account number]". If I try to create the same IAM role inside the commercial and have it trust the govcloud, it gives me the same error. I even tried to create a new S3 bucket inside the commercial account and have a bucket policy that allows access from the govcloud account but it complains about the principal being invalid:

"Principal": {
                "AWS": "arn:aws-us-gov:iam::[govcloud account ID]:user/root"
            },

If I try to set up the above trust between two govcloud account or two commercial account it works fine. Was hoping someone could help me please. Thank you in advance

question from:https://stackoverflow.com/questions/65924421/accessing-a-commercial-s3-bucket-from-a-govcloud-ec2-instance

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

To quote the IAM documentation on How IAM Differs for AWS GovCloud (US):

You cannot create a role to delegate access between an AWS GovCloud (US) account and a standard AWS account.

Also, note that IAM credentials are protected as ITAR-regulated data.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...