AWS S3 buckets inside master account not getting listed in member accounts

0
votes

I have an aws organisation with a few S3 buckets and member accounts. I added a bucket policy in one of the S3 bucket to allow its access from a member account based on the documentation the aws is providing in the following url.

https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html

I added policy in my master account S3 bucket as follows.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Example permissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::702382032219:root" }, "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "arn:aws:s3:::testbucketfordip87" } ] }

But after logging in to the specific member account, I am still not able to see the S3 bucket there. So please let me know what went wrong here.

2
amazon-web-servicesamazon-s3

2 Answers

2
votes

It isn't possible to make buckets show up in the console bucket listings across account boundaries, even in organizations.

Following those steps only gives the user programmatic (API) access to the bucket. Note how the test steps only mention aws-cli and the powershell tools.

0
votes

There is a work around for this, just replace the bucket name in the URL section and you can access that bucket via the console from a member account. You don't actually have to login to the master account to access it. If your permissions are set correctly. You can access the master account bucket that way, then just bookmark it if you are accessing it frequently. https://s3.console.aws.amazon.com/s3/buckets/some-bucket-in-master-account/?region=us-east-1&tab=overview