
Cross Region Replication – AWS S3

S3 cross-account replication helps us keep a backup of our data, with versioning enabled. This gives us some breathing room when a disaster-recovery (DR) event happens or when data is lost.

In this tutorial we will configure S3 cross-region replication between two accounts.

Prerequisites:

  - One bucket in the source region/account
  - One bucket in the destination region/account
  - Versioning enabled

Once the bucket is created in S3, click on the Management tab and choose Replication (in the source account), then click on Add rule.

1) Source

I am currently moving all the contents inside the bucket.

If you want to replicate only the content inside a folder, choose "prefix in this bucket" and add the folder name, as below:

e.g. test/

Click Next

2) Destination

Click on choose a bucket and select Buckets in another account.

Enter the Destination Account ID and the Destination bucket name

Click Save.

3) Permissions

Choose Create new role (the role will be created).

Copy the bucket policy. This policy must be placed in the bucket policy of the destination bucket, in the destination account.

The policy will look like this. Copy and paste it into your destination bucket. Here AWSACCOUNTID stands for the source account ID and BucketName for the destination bucket name.

{
    "Version": "2008-10-17",
    "Id": "S3-Console-Replication-Policy",
    "Statement": [
        {
            "Sid": "S3ReplicationPolicyStmt1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::AWSACCOUNTID:root"
            },
            "Action": [
                "s3:GetBucketVersioning",
                "s3:PutBucketVersioning",
                "s3:ReplicateObject",
                "s3:ReplicateDelete"
            ],
            "Resource": [
                "arn:aws:s3:::BucketName",
                "arn:aws:s3:::BucketName/*"
            ]
        }
    ]
}

4) Review and click on Save to enable the replication.

Changes in the destination account:

  1. Click on the destination bucket.
  2. Click on Permissions. Select Bucket Policy and paste the policy generated in the source account.
  3. Click on Management. Choose Replication, click More and select Receive objects.

Enter the Source account ID and click Done.

Upload files to the source bucket.

Check the files in the destination bucket. The files are replicated from the source account to the destination account.
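The generated bucket policy names the source account's :root principal, so it trusts every identity in that account that has matching IAM permissions, not only the replication role. As an added example (not part of the original post or of the console output), the Python check below audits a destination bucket policy before it is pasted, flagging account-wide or foreign principals, extra actions and out-of-bucket resources. The account ID 111122223333, the bucket name dest-bucket-example and the role name replication-role-example are constructed placeholders, and treating only the four actions shown above as expected is an assumption of this example.

```python
import json

# The four actions granted by the console-generated policy shown above.
REPLICATION_ACTIONS = {"s3:GetBucketVersioning", "s3:PutBucketVersioning",
                       "s3:ReplicateObject", "s3:ReplicateDelete"}

def _as_list(value):
    # Policy elements may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def audit_replication_policy(policy_json, dest_bucket, source_account):
    """Return findings for Allow statements in a destination bucket policy."""
    findings = []
    allowed = {f"arn:aws:s3:::{dest_bucket}", f"arn:aws:s3:::{dest_bucket}/*"}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            if arn.isdigit():  # a bare account ID means the account root
                arn = f"arn:aws:iam::{arn}:root"
            if arn == "*":
                findings.append(f"{sid}: principal is anyone (*)")
            elif arn.split(":")[4:5] != [source_account]:
                findings.append(f"{sid}: principal {arn} is outside the source account")
            elif arn.endswith(":root"):
                findings.append(f"{sid}: whole source account is trusted, not just the replication role")
        for action in _as_list(stmt.get("Action", [])):
            if action not in REPLICATION_ACTIONS:
                findings.append(f"{sid}: action {action} is not in the replication set")
        for res in _as_list(stmt.get("Resource", [])):
            if res not in allowed:
                findings.append(f"{sid}: resource {res} is outside {dest_bucket}")
    return findings

def sample_policy(principal_arn, bucket="dest-bucket-example"):
    # Constructed sample: same shape as the policy above, placeholder values.
    return json.dumps({"Version": "2008-10-17", "Statement": [{
        "Sid": "S3ReplicationPolicyStmt1", "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": sorted(REPLICATION_ACTIONS),
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]})

if __name__ == "__main__":
    for arn in ("arn:aws:iam::111122223333:root",
                "arn:aws:iam::111122223333:role/replication-role-example"):
        print(arn, "->", audit_replication_policy(
            sample_policy(arn), "dest-bucket-example", "111122223333") or "no findings")
```

Replacing the :root principal with the ARN of the replication role created in step 3 clears the first finding while leaving the actions and resources unchanged.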

 
