Copying files between S3 buckets in different accounts with the CLI

Is there a trick to copy files between S3 buckets in different accounts with the CLI if they require two different profiles? and does anyone know if copying between S3 buckets first transfers the files to your system anyway? I have to transfer a number of large files and would like to avoid downloading and re-uploading them.

You can use replication for new objects and I believe you can get in touch with AWS and raise a ticket for getting an existing bucket’s objects copied into a new one if it’s an unreasonably large volume of objects (I guess charged at the usual rate? You might want to ask)

Unfortunately, it’s a backup archive, so (as far as I’m aware) replication would be the wrong tool. But contacting AWS sounds like a good idea, thanks! I didn’t know it’s an option for things like that.

Why would replication (on-going) be a bad option for a backup archive?

This might help, dunno. It’s focused on ownership of files
https://www.youtube.com/watch?v=k_YAvQBgn1g

Remember to take into account egress charges if you decide to copy them via your own machine

the short answer is yes.
it requires you provide the correct bucket policy and you can do this with a single IAM user/profile.

  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowWriteToOwner",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111222333444:root"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::bucket/*",
        "arn:aws:s3:::bucket"
      ]
    },
    {
      "Sid": "Example permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::111222333444:root",
          "arn:aws:iam::555666777888:root"
        ]
      },
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::bucketname/*",
        "arn:aws:s3:::bucketname"
      ]
    }
  ]
}```

This has nothing to do with IAM.
The minimum IAM requirement is the IAM User or Role have S3 permissions.

The rest is strictly on bucket policy on the destination bucket,

User/role on source bucket account.
bucket policy in destination bucket/account.

with a separate IAM user for each aws account you actually have more red tape to jump through