-
Notifications
You must be signed in to change notification settings - Fork 4
Amazon S3 requester pays model
Jacob Nelson edited this page Jun 10, 2015
·
2 revisions
To move large files owned by someone else out of Amazon S3, it can be useful to use the "requester pays" model, where the data owner pays for the storage, but the downloader pays for the bandwidth usage. A few things have to be done to make this work:
Data owner:
- In the S3 web interface, click on the bucket holding the data and enable "Requester Pays" (at the bottom of the list). Note that if you have any files in the bucket that are made publically available over the web with "anonymous" access, it will stop working when this is enabled.
- Give the downloader permission to access the bucket or files within the bucket. The best way to do this is with a "policy" providing access to an IAM user. Here's an example that grants read access to everything in the bucket "examplebucket" to both the root account of AWS account 1234-5678-9012 as well as an IAM user "iamuser" in that account.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:root",
"arn:aws:iam::123456789012:user/iamuser"
]
},
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::examplebucket/*"
]
}
]
}
Downloader:
- Provide your "User ARN" to the data owner. You can find it by logging into the AWS console and going to the URL
https://console.aws.amazon.com/iam/home?region=us-east-1#users/<username>where<username>is your IAM username. - Clone the development version of s3cmd (needed for
--requester-paysflag) from https://github.com/s3tools/s3cmd. As long as you have the dependences, you don't need to run any install steps. - Run
s3cmd --configureto set up your account. This will save your details in.s3cmdin your home directory. - Run
s3cmd --requester-pays --recursive s3://examplebucketto grab all files in the example bucket.