Currently my application is configured to use AWS with account AWS Payments.
We have a new requirement to upload a file to S3 which is in a different account, AWS Orders.
I have created an S3 bucket in the AWS Orders account and added the other AWS account's canonical user, AWS Payments.
Using my application I am able to upload files to AWS Orders.
When I log into the console with AWS Orders I am unable to download or view the file. Is that because it was created by the Payments account? Do we need to add a bucket policy?
Ah, the old cross-account S3 put without giving permissions back to the bucket owner. In short, you can own the bucket but not have permission to the files. To resolve this, when you put the object across accounts you need to give the bucket owner access.
Documentation on granting cross-account permissions to put objects while ensuring the bucket owner still has full control.
You can ensure the bucket owner always has access by creating a deny statement for cross-account puts that do not grant full control to the owner.
To fix the objects already put, run this from the user that put the objects:
aws s3api put-object-acl --acl bucket-owner-full-control --bucket BUCKET --key KEY
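The two pieces of the answer above, as an added example that is not part of the original post: the bucket policy the Orders (bucket-owning) account would attach to deny any PutObject that does not hand full control to the bucket owner, the put_object arguments the Payments side should send, and a small evaluator that checks a request's x-amz-acl value against that deny statement. The bucket name is a constructed placeholder; the evaluator models only the StringNotEquals condition used here, not full IAM policy evaluation, and it is my simplification rather than anything AWS ships.

```python
import json

# Constructed placeholder; replace with the real bucket in the Orders account.
BUCKET = "orders-bucket-example"

BUCKET_OWNER_FULL_CONTROL = "bucket-owner-full-control"


def bucket_owner_full_control_policy(bucket: str) -> dict:
    """Bucket policy for the bucket-owning account: deny any PutObject whose
    x-amz-acl header is not bucket-owner-full-control. The writing account's
    own IAM policy still has to allow s3:PutObject on the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyPutWithoutBucketOwnerFullControl",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {
                    "StringNotEquals": {"s3:x-amz-acl": BUCKET_OWNER_FULL_CONTROL}
                },
            }
        ],
    }


def policy_json(bucket: str) -> str:
    """Serialized form suitable for put-bucket-policy."""
    return json.dumps(bucket_owner_full_control_policy(bucket), indent=2)


def put_object_kwargs(bucket: str, key: str, body: bytes) -> dict:
    """Arguments the Payments-side uploader passes to boto3 s3.put_object so the
    Orders account ends up with full control over the new object."""
    return {"Bucket": bucket, "Key": key, "Body": body, "ACL": BUCKET_OWNER_FULL_CONTROL}


def policy_denies_put(policy: dict, request_acl):
    """Simplified evaluator (assumption: models only this policy's shape).
    request_acl is the x-amz-acl value on the PutObject, or None when the
    header is absent. Returns True when the deny statement matches, which
    is the case for a missing header or any ACL other than the required one."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != "s3:PutObject":
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        required = cond.get("s3:x-amz-acl")
        if required is None:
            return True  # unconditional deny on PutObject
        if request_acl != required:
            return True  # StringNotEquals matches: header missing or different
    return False


if __name__ == "__main__":
    print(policy_json(BUCKET))
    policy = bucket_owner_full_control_policy(BUCKET)
    for acl in (None, "private", BUCKET_OWNER_FULL_CONTROL):
        print(f"x-amz-acl={acl!r}: denied={policy_denies_put(policy, acl)}")
```

The deny statement is what turns the answer's advice into an enforced invariant: a put from Payments that forgets the ACL fails at upload time instead of silently creating an object the Orders console cannot read. Objects written before the policy was attached still need the put-object-acl fix shown above.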