There are two ways to share your bucket with another AWS account:
- Using Bucket Policies
- Using Access Control List (ACL)
Bucket Sharing using Bucket Policies
Requirements: Account Number (the Id of the account you want to share the bucket with)
The Account Number can be found in your AWS account settings:
https://portal.aws.amazon.com/gp/aws/manageYourAccount
It consists of 12 digits separated by dashes, for example 1234-5678-9012
To share your bucket using Bucket Policies:
Step 1: start S3 Browser and select the bucket you want to share.
Step 2: click Buckets -> Edit Bucket Policy. The Bucket Policies Editor will open; it allows you to view and edit the policies associated with the bucket.
Step 3: paste the following Bucket Policy to allow listing the bucket and uploading and downloading files:
{
  "Version": "2012-10-17",
  "Id": "Policy1357935677554",
  "Statement": [
    {
      "Sid": "Stmt1357935647218",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::your-bucket-name",
      "Principal": {
        "AWS": [
          "123456789012"
        ]
      }
    },
    {
      "Sid": "Stmt1357935676138",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::your-bucket-name/*",
      "Principal": {
        "AWS": [
          "123456789012"
        ]
      }
    }
  ]
}
Replace your-bucket-name with your actual bucket name and
123456789012 with the actual account number. Enter the 12 digits without the dashes
shown in the console (1234-5678-9012 becomes 123456789012); the Principal element of a
policy does not accept the dashed form.
If you would like to grant other permissions, use the
AWS Policy Generator to generate the corresponding bucket policy.
Step 4: click Apply Bucket Policies to save the changes.
Step 5: check out these instructions
to learn how another account can connect to the bucket you shared with them.
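As an added example (not S3 Browser's own code), the same bucket policy built and applied with Python and boto3; the account-id normalization accepts the dashed form the console shows. The optional Condition on PutObject goes beyond the page's policy: it addresses the same concern as the note in the ACL section about access to files uploaded by account 2, and is not needed on buckets whose Object Ownership is set to "bucket owner enforced" (ACLs disabled).

```python
"""Build and apply the cross-account bucket policy this page describes (added example)."""
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def normalize_account_id(account_number: str) -> str:
    """Accept the dashed form the console shows (1234-5678-9012) or the plain 12 digits
    and return the plain form, which is what a policy Principal requires."""
    digits = account_number.strip().replace("-", "")
    if not ACCOUNT_ID_RE.match(digits):
        raise ValueError(f"not a 12-digit AWS account id: {account_number!r}")
    return digits


def build_share_policy(bucket: str, account_number: str, require_owner_control: bool = True) -> dict:
    """Return the page's grants (ListBucket on the bucket, GetObject/PutObject on its objects).
    With require_owner_control, PutObject is only allowed when the uploader sets the
    bucket-owner-full-control ACL, so the bucket owner keeps access to uploaded files."""
    principal = {"AWS": [f"arn:aws:iam::{normalize_account_id(account_number)}:root"]}
    put_stmt = {"Sid": "AllowPutObject", "Effect": "Allow", "Principal": principal,
                "Action": ["s3:PutObject"], "Resource": f"arn:aws:s3:::{bucket}/*"}
    if require_owner_control:
        put_stmt["Condition"] = {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowListBucket", "Effect": "Allow", "Principal": principal,
             "Action": ["s3:ListBucket"], "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "AllowGetObject", "Effect": "Allow", "Principal": principal,
             "Action": ["s3:GetObject"], "Resource": f"arn:aws:s3:::{bucket}/*"},
            put_stmt,
        ],
    }


def apply_share_policy(bucket: str, account_number: str) -> None:
    """Apply the policy with boto3, the equivalent of 'Apply Bucket Policies' in S3 Browser."""
    import boto3  # imported here so build_share_policy runs without boto3 installed
    policy = json.dumps(build_share_policy(bucket, account_number))
    boto3.client("s3").put_bucket_policy(Bucket=bucket, Policy=policy)


if __name__ == "__main__":
    # Constructed sample values; replace with your bucket and the other account's number.
    print(json.dumps(build_share_policy("your-bucket-name", "1234-5678-9012"), indent=2))
```

The bare 12-digit id the page's policy uses is also accepted as a Principal; the ARN form is simply the canonical spelling of the same account.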
Bucket Sharing using Access Control List (ACL)
Requirements:
Email Address - an email address associated with the account you want to grant access to.
This is the email address used to log in to the AWS Management Console.
You cannot use an email address that is associated with more than one AWS account;
in such a case, use the Owner Id instead.
OR
Owner Id - the owner id of the account you want to grant access to (let's call it account 2).
The Owner Id can be copied from the properties of a bucket that belongs to account 2.
To share the bucket with another AWS account using Email or Owner ID:
Step 1: select the bucket you want to share and click Buckets -> Edit Permissions (ACL). The Permissions tab will open; the Permissions Editor allows you to view and edit bucket/file permissions.
Step 3: click More -> Add user by Email/ID
Step 4: enter or paste the Email or Owner Id of account 2.
Step 5: check the permissions you want to grant.
Important note: if you plan to allow file upload (the 'Write' permission), we
recommend granting 'Read Permissions' too, AND the uploader (account 2) should also
enable permissions inheritance in Tools, Options. This is important if you need
access to files uploaded by the other account (account 2): S3 makes the uploading
account the owner of each uploaded file, so without a grant from the uploader the
bucket owner cannot read those files.
Step 6: click Apply changes.
Step 7: check out these instructions
to learn how account 2 can connect to the bucket you shared with them.