Here, we will learn about S3 CRR.
- CRR stands for Cross-Region Replication.
- It automatically copies objects across buckets in different AWS Regions.
- Buckets configured for cross-region replication can be owned by the same AWS account or by different accounts.
- It is enabled with a bucket-level configuration.
- The replication configuration is added to the source bucket and specifies:
  - The destination S3 bucket to replicate objects to
  - The IAM role that S3 can assume to replicate objects
CRR Need
CRR is needed to:
- Meet compliance requirements
- Minimize latency
- Increase operational efficiency
- Maintain object copies under different ownership
CRR Requirements
- The source bucket owner has the source and destination AWS Regions enabled for their account.
- The destination bucket owner has the destination Region enabled for their account.
- Both source and destination buckets have versioning enabled.
- The source and destination buckets are in different AWS Regions.
- S3 has permissions to replicate objects from the source bucket to the destination bucket.
Crucial Points
- During CRR configuration, the destination bucket isn't created automatically.
- Versioning is needed on both the source and destination buckets.
- Replication occurs when object versions are created in the source bucket.
- Existing versions in the source bucket are not replicated.
- CRR needs permissions to read objects and object permissions from the source bucket and to write to the destination bucket.
- CRR configuration must use a KMS key.
- If source objects are encrypted using SSE-S3 or SSE-KMS, the IAM role must be allowed to access the KMS key.
- SSE-C encrypted source objects are not replicated to the destination bucket.
- Object properties are replicated to the destination bucket.
- Bucket properties are not replicated to the destination bucket.
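
A preflight check for the requirements listed above, together with the replication rule and a role policy scoped to reading the source and writing the destination, as an added example that is not part of the original page. The bucket names, the dict fields describing each bucket, and the rule ID are constructed for illustration; the IAM action names and rule layout are those used by the S3 PutBucketReplication API, and KMS key permissions are not covered here.

```python
def crr_preflight(src, dst):
    """Return the unmet CRR requirements for two bucket descriptions (dicts)."""
    problems = []
    if not dst.get("exists", False):
        problems.append("destination bucket must be created first")
    for label, bucket in (("source", src), ("destination", dst)):
        if bucket.get("versioning") != "Enabled":
            problems.append(f"{label} bucket versioning is not enabled")
    if src.get("region") == dst.get("region"):
        problems.append("source and destination are in the same Region")
    return problems


def replication_role_policy(src_name, dst_name):
    """Permissions for the role S3 assumes: read source, write destination only."""
    src_arn, dst_arn = f"arn:aws:s3:::{src_name}", f"arn:aws:s3:::{dst_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"],
             "Resource": src_arn},
            {"Effect": "Allow",
             "Action": ["s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl"],
             "Resource": f"{src_arn}/*"},
            {"Effect": "Allow",
             "Action": ["s3:ReplicateObject", "s3:ReplicateDelete"],
             "Resource": f"{dst_arn}/*"},
        ],
    }


def replication_config(role_arn, dst_name):
    """Replication configuration that is attached to the source bucket."""
    return {
        "Role": role_arn,
        "Rules": [{"ID": "crr-all-objects", "Status": "Enabled", "Priority": 1,
                   "Filter": {}, "DeleteMarkerReplication": {"Status": "Disabled"},
                   "Destination": {"Bucket": f"arn:aws:s3:::{dst_name}"}}],
    }


if __name__ == "__main__":
    # Constructed sample buckets: same Region and suspended versioning on purpose.
    src = {"name": "example-src", "region": "us-east-1", "versioning": "Enabled", "exists": True}
    dst = {"name": "example-dst", "region": "us-east-1", "versioning": "Suspended", "exists": True}
    for problem in crr_preflight(src, dst):
        print("FAIL:", problem)
```
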