I was struggling with this, too, but I found an answer over here https://stackoverflow.com/a/17162973/1750869 that helped resolve this issue for me. Reposting answer below.
You don't have to open permissions to everyone. Use the below Bucket policies on source and destination for copying from a bucket in one account to another using an IAM user
Bucket to Copy from – SourceBucket
Bucket to Copy to – DestinationBucket
Source AWS Account ID - XXXX–XXXX-XXXX
Source IAM User - src–iam-user
The below policy means – the IAM user - XXXX–XXXX-XXXX:src–iam-user has s3:ListBucket and s3:GetObject privileges on SourceBucket/* and s3:ListBucket and s3:PutObject privileges on DestinationBucket/*
On the SourceBucket the policy should be like:
{
"Id": "Policy1357935677554",
"Statement": [
{
"Sid": "Stmt1357935647218",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::SourceBucket",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
},
{
"Sid": "Stmt1357935676138",
"Action": ["s3:GetObject"],
"Effect": "Allow",
"Resource": "arn:aws:s3::: SourceBucket/*",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}
]
}
On the DestinationBucket the policy should be:
{
"Id": "Policy1357935677554",
"Statement": [
{
"Sid": "Stmt1357935647218",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3::: DestinationBucket",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
},
{
"Sid": "Stmt1357935676138",
"Action": ["s3:PutObject"],
"Effect": "Allow",
"Resource": "arn:aws:s3::: DestinationBucket/*",
"Principal": {"AWS": "arn:aws:iam::XXXXXXXXXXXX:user/src–iam-user"}
}
]
}
command to be run is s3cmd cp s3://SourceBucket/File1 s3://DestinationBucket/File1
You cant, but to do it in python using the boto library do like this, for example, to list the instances in aws region "eu-west-1" launched more than 30 days ago.
import boto.ec2
import datetime
from dateutil import parser
conn = boto.ec2.connect_to_region('eu-west-1')
reservations = conn.get_all_instances()
for r in reservations:
for i in r.instances:
launchtime = parser.parse(i.launch_time)
launchtime_naive = launchtime.replace(tzinfo=None)
then = datetime.datetime.utcnow() + datetime.timedelta(days = -30)
if launchtime_naive < then:
print i.id
Best Answer
I don't think so, most of the dependencies are used by most of the AWS CLI commands I'd suspect so installing a trimmed down version won't really help much.
But you can either:
Use an AMI that comes with AWS CLI already installed - e.g. Amazon Linux 2
Create your own AMI with AWS CLI installed and use that as your base image - simply spin up an instance from the image of your choice, install AWS CLI, do Create Image (= creates a new AMI) and use that for your experiments.
Use service-specific tools such as s3cmd or EB CLI that may require fewer dependencies.
Hope that helps :)