S3 - Cross-region replication

      • A bucket-level feature that enables automatic, asynchronous copying of objects across buckets in different regions.
      • To activate this feature, add a “replication” configuration to your source bucket. In the configuration, you specify the “destination bucket” that you want objects replicated to.
      • You can replicate all the objects in the bucket or some objects with specific key name prefixes.
      • Amazon S3 encrypts all data in transit across AWS regions using SSL.
      • Use case scenarios:
        • Compliance requirements: Although, by default, Amazon S3 stores your data across multiple geographically distant Availability Zones, compliance requirements might dictate that you store data at even further distances. Cross-region replication allows you to replicate data between distant AWS regions to satisfy these compliance requirements.
        • Minimize latency: Your customers are in two geographic locations. To minimize latency in accessing objects, you can maintain object copies in AWS regions that are geographically closer to your users.
        • Operational reasons: You have compute clusters in two different regions that analyze the same set of objects. You might choose to maintain object copies in those regions.
      • Requirements:
        • The source and destination buckets must have versioning enabled.
        • The source and destination buckets must be in different regions.
        • You can replicate objects from a source bucket to only one destination bucket.
        • Amazon S3 must have permissions to replicate objects from the source bucket to the destination bucket on the user’s behalf. These permissions can be granted by creating an IAM role that Amazon S3 can assume. This role must grant permissions for Amazon S3 actions so that when Amazon S3 assumes this role, it can perform replication tasks.
        • If the source bucket owner also owns the object, the bucket owner has full permissions to replicate the object. If not, the source bucket owner must have permission for the Amazon S3 actions.
        • If you are setting up cross-region replication in a cross-account scenario (source and destination buckets are owned by different accounts), the source bucket owner must have permissions to replicate objects in the destination bucket. The destination bucket owner needs to grant these permissions via a bucket policy.
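
The documents behind these requirements, as an added example that is not part of the original notes: the role trust policy, the role's permissions, the replication configuration with an optional key prefix, and the cross-account destination bucket policy, plus a check of the requirements listed above. The bucket names, account IDs, role name, rule ID and the `preflight` helper are assumptions made for illustration, and the IAM action lists are this example's choice of a minimal set.

```python
def s3_trust_policy():
    """Trust policy: lets the S3 service assume the replication role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def role_policy(src, dst):
    """Permissions the role needs: read source versions, write replicas."""
    arn = "arn:aws:s3:::"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": arn + src,
         "Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"]},
        {"Effect": "Allow", "Resource": arn + src + "/*",
         "Action": ["s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl"]},
        {"Effect": "Allow", "Resource": arn + dst + "/*",
         "Action": ["s3:ReplicateObject", "s3:ReplicateDelete"]}]}

def replication_config(role_arn, dst, prefix=""):
    """Empty prefix replicates all objects; otherwise only matching keys."""
    return {"Role": role_arn, "Rules": [{
        "ID": "crr-rule", "Prefix": prefix, "Status": "Enabled",
        "Destination": {"Bucket": "arn:aws:s3:::" + dst}}]}

def destination_bucket_policy(src_account, dst):
    """Cross-account case: destination owner grants the source account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Resource": "arn:aws:s3:::" + dst + "/*",
        "Principal": {"AWS": f"arn:aws:iam::{src_account}:root"},
        "Action": ["s3:ReplicateObject", "s3:ReplicateDelete"]}]}

def preflight(src, dst):
    """Return the unmet requirements from the list above (hypothetical helper)."""
    problems = [f"{b['name']}: versioning not enabled"
                for b in (src, dst) if b["versioning"] != "Enabled"]
    if src["region"] == dst["region"]:
        problems.append("source and destination are in the same region")
    if src["account"] != dst["account"] and not dst.get("bucket_policy"):
        problems.append("cross-account: destination bucket policy missing")
    return problems

# Constructed sample buckets (names, regions and account IDs are made up).
SRC = {"name": "example-src", "region": "us-east-1", "account": "111111111111",
       "versioning": "Enabled"}
DST = {"name": "example-dst", "region": "eu-west-1", "account": "222222222222",
       "versioning": "Suspended"}

if __name__ == "__main__":
    print(preflight(SRC, DST))
    print(replication_config("arn:aws:iam::111111111111:role/example-crr-role",
                             DST["name"], "logs/"))
```

Scoping each statement to a single bucket ARN keeps the role from reading or writing anything outside the replication pair.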