Provisioning AWS KMS-Encrypted Buckets with Cross Account Access
This walkthrough outlines the steps for implementing AWS cross-account access to an encrypted S3 bucket.
The scenario used for the walkthrough is summarized below:
- An S3 bucket, s3://account-a-bucket, is to be created in account-a and made accessible to an external AWS account, account-b
- A new KMS customer master key (CMK) needs to be created, with bucket encryption enabled using this key
- IAM user Ann, in account-a…