Hands-on Lab: Cross-Region Replication and Versioning in Amazon S3 (CRR)

S3 CRR (Cross-Region Replication)

Replication is the automatic, asynchronous copying of objects between buckets in the same or separate AWS Regions.
Replication transfers newly created objects and object changes from one bucket to another.

In this example, we will set up replication for source and destination buckets that are owned by the same AWS account.

The first walkthrough below uses the Amazon S3 console.

S3 CRR - Using Amazon S3 Console

We have two buckets in different Regions but in the same account. Our source bucket is onlymybucket01 and the destination bucket is onlymybucket02.

Select the source bucket and go to the Management tab.

Select [Create replication rule] and check whether versioning is enabled; if it is not, you have to enable it first.

Once versioning is enabled, choose any name for the replication rule.

Choose the source bucket and select the rule scope accordingly.

Now choose the destination bucket, which is in a different Region.

If you don't have a role created, select "Create new role"; this will create a role for you.

Decide whether you want existing objects replicated. If yes, select that option; otherwise submit.

Once all steps are done successfully, you can see the rule created and enabled.

Now upload any file to the source bucket and check the destination bucket to confirm that the object is available there.

CRR (Cross-Region Replication) is now implemented successfully.

S3 CRR - Using Amazon CLI

Note: Your account must have access keys for CLI access. Once you are logged in, run the commands below.

aws s3api create-bucket --bucket onlymybucket03 --region us-east-1

aws s3api put-bucket-versioning --bucket onlymybucket03 --versioning-configuration Status=Enabled

aws s3api create-bucket --bucket onlymybucket04 --region us-west-2 --create-bucket-configuration LocationConstraint=us-west-2

C:\Users>aws s3 ls
2023-03-10 01:45:38 onlymybucket01
2023-08-22 11:52:27 onlymybucket02
2023-08-22 13:35:39 onlymybucket03
2023-08-22 13:48:17 onlymybucket04

Save the JSON configuration below as s3-trust-policy.json in the current working directory, then run the command that follows it.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Principal":{
            "Service":"s3.amazonaws.com"
         },
         "Action":"sts:AssumeRole"
      }
   ]
}

aws iam create-role --role-name replicationRole --assume-role-policy-document file://s3-trust-policy.json

Next, copy the text below, put in the proper source and destination bucket names, and save it as s3-role-permissions-policy.json

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObjectVersionForReplication",
            "s3:GetObjectVersionAcl",
            "s3:GetObjectVersionTagging"
         ],
         "Resource":[
            "arn:aws:s3:::onlymybucket03/*"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket",
            "s3:GetReplicationConfiguration"
         ],
         "Resource":[
            "arn:aws:s3:::onlymybucket03"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:ReplicateObject",
            "s3:ReplicateDelete",
            "s3:ReplicateTags"
         ],
         "Resource":"arn:aws:s3:::onlymybucket04/*"
      }
   ]
}

Run the command below to attach the permissions policy to the IAM role.

aws iam put-role-policy --role-name replicationRole --policy-document file://s3-role-permissions-policy.json --policy-name replicationRolePolicy

The next step is to set up the replication rule on the source bucket. Copy the text below and update IAM-role-ARN and the destination bucket.

IAM Role can be seen here.

{
  "Role": "IAM-role-ARN",
  "Rules": [
    {
      "Status": "Enabled",
      "Priority": 1,
      "DeleteMarkerReplication": { "Status": "Disabled" },
      "Filter" : { "Prefix": "Run"},
      "Destination": {
        "Bucket": "arn:aws:s3:::destination-bucket"
      }
    }
  ]
}

Oops, the destination bucket does not have versioning enabled. Enable it and run the command again.
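
The replication configuration only works if the role it names can read from the source bucket and write to the destination bucket. The following added example (not part of the original post) checks the trust policy, the role permissions policy and the replication configuration against each other offline, before anything is applied; check_replication and the other function names, and the account ID 111122223333, are assumptions made for illustration.

```python
# Actions from the page's role policy, grouped by the resource they apply to.
SRC_OBJECT = {"s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl",
              "s3:GetObjectVersionTagging"}
SRC_BUCKET = {"s3:ListBucket", "s3:GetReplicationConfiguration"}
DST_OBJECT = {"s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def granted(policy, resource):
    # Actions that Allow statements grant on exactly this ARN (no wildcard matching).
    actions = set()
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow" and resource in as_list(stmt["Resource"]):
            actions |= set(as_list(stmt["Action"]))
    return actions

def check_replication(source_bucket, trust, perms, repl):
    # Returns a list of findings; an empty list means the three documents agree.
    findings = []
    for stmt in trust["Statement"]:
        if stmt.get("Principal") != {"Service": "s3.amazonaws.com"}:
            findings.append("trust policy allows a principal other than S3")
    if not repl["Role"].startswith("arn:aws:iam::"):
        findings.append("Role is not an IAM role ARN")
    for stmt in perms["Statement"]:
        if any("*" in action for action in as_list(stmt["Action"])):
            findings.append("wildcard action in role policy")
    src = "arn:aws:s3:::" + source_bucket
    wanted = [(src + "/*", SRC_OBJECT), (src, SRC_BUCKET)]
    for rule in repl["Rules"]:
        if rule["Status"] == "Enabled":
            wanted.append((rule["Destination"]["Bucket"] + "/*", DST_OBJECT))
    for resource, needed in wanted:
        missing = needed - granted(perms, resource)
        if missing:
            findings.append(f"{resource}: missing {sorted(missing)}")
    return findings

def allow(actions, resource):
    return {"Effect": "Allow", "Action": actions, "Resource": resource}
# Constructed sample: the page's policies as dicts; the account ID is a placeholder.
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"Service": "s3.amazonaws.com"}}]}
PERMS = {"Statement": [allow(sorted(SRC_OBJECT), ["arn:aws:s3:::onlymybucket03/*"]),
                       allow(sorted(SRC_BUCKET), ["arn:aws:s3:::onlymybucket03"]),
                       allow(sorted(DST_OBJECT), "arn:aws:s3:::onlymybucket04/*")]}
REPL = {"Role": "arn:aws:iam::111122223333:role/replicationRole", "Rules": [
    {"Status": "Enabled", "Destination": {"Bucket": "arn:aws:s3:::onlymybucket04"}}]}
print(check_replication("onlymybucket03", TRUST, PERMS, REPL))
```

Run against the unedited template, the check reports the IAM-role-ARN placeholder and the destination-bucket ARN that the role policy does not cover.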

Test for S3 CRR

Go to the source bucket and create a folder named Run.

Put some objects into the Run folder of the source bucket.

Check the destination bucket: the Run folder is there and the object has been replicated from the source bucket.

Go to the properties of this object; here we can see the replication status REPLICA.
