AWS Organization and Cross account access.

0

I have an AWS organization with 2 accounts under it. The first one is the management account, containing all the data. In the second one I have a user to fetch S3 bucket details. Now I have to get all the buckets and objects in both accounts with the access keys of the user in the 2nd account. What should I do so that my Python code to fetch the details works with the 2nd account user's access keys? What roles and policies need to be attached to the users and the buckets?

1 Answer
0

To fetch S3 bucket details from both accounts using the user's access keys in the second account, you'll need to configure IAM roles and policies appropriately.

1. Create an IAM User in the Second Account: In the second account, create an IAM user with the necessary permissions to access S3 buckets in both accounts. This user will be used to execute your Python script.

2. Attach an IAM Role to the User: Create an IAM role in the second account that grants the user access to S3 buckets in both accounts. This role should have the following permissions:

  • s3:ListAllMyBuckets to list all buckets in the second account
  • s3:ListBucket to list objects in a specific bucket
  • s3:GetObject to retrieve object metadata
  • s3:GetObjectAcl to retrieve object ACLs (if needed)

3. Attach a Policy to the Role: Create a policy in the management account that allows the IAM role in the second account to access S3 buckets in the management account. This policy should have the following condition:

aws:PrincipalOrgID: YOUR_ORGANIZATION_ID 
aws:SourceAccount: SECOND_ACCOUNT_ID 

4. Attach the Policy to the Role: Attach the policy created in the management account to the IAM role in the second account. This will grant the IAM role the necessary permissions to access S3 buckets in both accounts.

5. Configure Your Python Script: In your Python script, use the Boto3 library to connect to S3 using the access keys of the IAM user in the second account. Use the client.list_buckets() method to list all buckets in both accounts. Iterate through the list of buckets and use the client.list_objects_v2() method to list objects in each bucket. Retrieve object metadata and ACLs (if needed) using the client.get_object() and client.get_object_acl() methods, respectively.

answered 7 months ago
Expert, reviewed 2 months ago
  • Hi Rashid, thanks for the reply. I have a query. How do I attach the policy created in the other account to the IAM role in the second account? The policy is not showing up in the second account.

  • You can’t attach policies created in one account to users/roles in other accounts. You need to create a role in the management account for the user in account 2 to assume. Attach a policy created in the management account to the role in the management account. Steps 3 and 4 need slight adjustment.
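Putting the corrected flow from the comment thread into working code, as an added example that is not part of the original answer: the role lives in the management account, its trust policy restricts assumption to the second account and to principals still inside the organization (aws:PrincipalOrgID), and the script reads the management account's buckets only with short-lived credentials from sts:AssumeRole. The account ids, organization id and role name are placeholders.

```python
import json
from typing import Any, Dict, List

# Hypothetical identifiers; replace with the real ones from your organization.
MANAGEMENT_ACCOUNT_ID = "111111111111"
SECOND_ACCOUNT_ID = "222222222222"
ORG_ID = "o-exampleorgid"
MGMT_ROLE_ARN = f"arn:aws:iam::{MANAGEMENT_ACCOUNT_ID}:role/S3ReadOnlyForAccount2"


def trust_policy(trusted_account_id: str, org_id: str) -> Dict[str, Any]:
    """Trust policy for the role created in the management account.
    Only principals from the second account may assume it, and only while
    that account is still a member of the organization (aws:PrincipalOrgID)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
        }],
    }


def list_buckets_in_both_accounts(session: Any, mgmt_role_arn: str) -> Dict[str, List[str]]:
    """Return {"local": [...], "management": [...]} bucket names.
    `session` is a boto3.Session built from the second-account user's keys;
    the management-account buckets are read with temporary credentials from
    sts:AssumeRole, never with long-lived keys from that account."""
    local = [b["Name"] for b in session.client("s3").list_buckets()["Buckets"]]
    creds = session.client("sts").assume_role(
        RoleArn=mgmt_role_arn, RoleSessionName="s3-inventory")["Credentials"]
    mgmt_s3 = session.client(
        "s3",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )
    remote = [b["Name"] for b in mgmt_s3.list_buckets()["Buckets"]]
    return {"local": local, "management": remote}


if __name__ == "__main__":
    import boto3  # imported here so the helpers stay importable without boto3
    print(json.dumps(trust_policy(SECOND_ACCOUNT_ID, ORG_ID), indent=2))
    print(list_buckets_in_both_accounts(boto3.Session(), MGMT_ROLE_ARN))
```

The second-account user also needs an identity policy allowing sts:AssumeRole on that role ARN, and the role itself carries the S3 read permissions listed in step 2.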
