Skip to main content

PrivaceraCloud Documentation

Table of Contents

Access AWS S3 buckets from multiple AWS accounts

:

In this topic, you will learn how to access AWS S3 buckets from multiple AWS accounts.

  1. Create or use two AWS accounts, Account A and Account B.

  2. Log in to AWS console as account A and create an IAMrole.

    Example 1. 

    ‘arn:aws:iam::12345678:role/DataServer_Role’



  3. Revise this AWS IAM Role in Account A so that it has full access to the data resources that will be connected to your PrivaceraCloud account.

  4. Establish IAM Role trust relationship with the PrivaceraCloud AWS access role. For more information, see AWS Access with IAM.

  5. Log in to Account B in your AWS console to access the bucket through dataserver.

  6. Select Bucket B and update the bucket policy as shown in the following sample JSON.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": [
                        "arn:aws:iam::12345678:role/DataServer_Role"
                    ]
                },
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::bucketB/*",
                    "arn:aws:s3:::bucketB"
                ]
            }
        ]
    }

    Note

    The IAM role ‘DataServer_Role’ is from Account A.

  7. On PrivaceraCloud, add or update the IAM role ‘arn:aws:iam::12345678:role/DataServer_Role” in S3 application.

  8. Once the S3 application is configured you can access Bucket B from Account B through AWS-CLI. For more information, see Scripts for AWS CLI or Azure CLI for managing connected applications..

    Example 2. 

    aws s3 ls s3://bucketB



  9. You can access Bucket B from Databricks cluster. For more information, see Databricks.

    Example 3. 

    readFilePath = "s3a://bucketB/sample_sf.csvdf = spark.read.csv(readFilePath, inferSchema=True, header=True)df.count()df.show(2)