You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/home/clouds/aws.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -123,6 +123,16 @@
123
123
124
124
- Be careful when using it, you should limit the list of zones with which it can work. And if the zone is used for something else, then make sure that it will not delete records from there.
125
125
126
+
## Cross-account S3 access
127
+
128
+
The approach is based on the [official documentation](https://repost.aws/knowledge-center/cross-account-access-s3) section `IAM policies and resource-based bucket policies`.
129
+
130
+
If the S3 bucket uses `SSE-KMS` encryption, then it is necessary to additionally grant access to the KMS key in the items below:
131
+
132
+
- in the `IAM policy` that is attached to the IAM role/user
133
+
134
+
- in the `Key policy` of the KMS key that is used to encrypt data in the S3 bucket
0 commit comments