Goal: Get files
- from Bucket 1 in ca-central-1 in Account A
- to Bucket 2 in us-east-1 in Account B
- using the AWS CLI from a third machine using an IAM role with correct S3 read and write permissions (assume unless that's unlikely)
I got the error:
ClientError: An error occurred (AccessDenied) when calling the CopyObject operation: VPC endpoints do not support cross-region requests
and this broke my mental model about how S3 works. I thought that S3 was not behind any VPC and that VPC endpoints were just about an alternate routing pathway (other than the internet) for a machine within a private subnet.
But if you're using the CLI and asking to transfer files from one S3 bucket to another, why would a VPC come into play at all?