Demo S3 Replication

Learn how to set up cross-region replication between two Amazon S3 buckets. This guide walks you through creating source and destination buckets, configuring replication rules, reviewing IAM roles, and testing replication. The same steps apply to same-region replication.

1. Create Source and Destination Buckets

  1. Open the Amazon S3 console and click Create bucket.
    The image shows the AWS S3 Management Console with the "Create bucket" page open, where users can configure settings for a new S3 bucket.

  2. Name your buckets and choose regions:

    Bucket Name          Region                 Purpose
    kk-repl-source       US East (N. Virginia)  Source
    kk-repl-destination  US West (Oregon)       Destination

  3. After creating both, you should see them listed:
    The image shows an Amazon S3 management console with a list of two buckets, "kk-repl-source" and "kk-repl-destination," both marked as not public. A notification indicates a bucket was successfully created.

Note

Bucket names must be globally unique and comply with DNS naming conventions.

2. Configure the Replication Rule

  1. In the source bucket, select the Management tab and then Replication rules. Click Create replication rule.
    The image shows an AWS S3 Management Console screen where a replication rule is being configured. It includes options for setting the source bucket, region, rule scope, and filter type.

  2. Enter a name (e.g., MyReplication) and enable the rule. Set the rule scope to Entire bucket so all objects replicate.

  3. Under Destination, click Browse and choose kk-repl-destination.
    The image shows an AWS S3 Management Console screen for setting up bucket replication, with options for source and destination buckets and IAM role selection.

  4. If versioning is not enabled on either bucket, follow the console prompts to turn it on.

Warning

Objects uploaded before versioning is enabled will not be replicated.

  5. Under IAM role, choose Create new role. Leave the destination storage class at its default unless you need a different class.

  6. On the replication settings page, enable Replication Time Control (RTC) to guarantee replication within 15 minutes. You can also opt to replicate delete markers or metadata. Click Save.
    The image shows an AWS S3 Management Console screen with options for configuring replication settings, including encryption, destination storage class, and additional replication options. A green notification bar at the top indicates that object versioning is enabled.

  7. Your new rule will now appear in the list:
    The image shows an AWS S3 Management Console screen displaying replication rules for a bucket, with details about the source and destination regions and replication settings.

3. Review the IAM Role

The console created an IAM role (for example, role-for-kk-repl-source) with the policies needed for replication. To inspect:

  1. Go to the IAM console and click Roles.
    The image shows the AWS Identity and Access Management (IAM) console, specifically the "Roles" section, listing various roles and their trusted entities.

  2. Select the replication role and review its attached policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetReplicationConfiguration",
        "s3:GetObjectVersionForReplication",
        "s3:GetObjectVersionACL",
        "s3:GetObjectVersionTagging",
        "s3:GetObjectRetention",
        "s3:GetObjectLegalHold"
      ],
      "Resource": [
        "arn:aws:s3:::kk-repl-source",
        "arn:aws:s3:::kk-repl-destination"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete",
        "s3:ReplicateTags",
        "s3:ObjectOwnerOverrideToBucketOwner"
      ],
      "Resource": [
        "arn:aws:s3:::kk-repl-source/*",
        "arn:aws:s3:::kk-repl-destination/*"
      ]
    }
  ]
}
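
When reviewing the role, it helps to check each action against the kind of resource it is granted on. The following is an added example, not part of the original guide and not AWS tooling. It lints the policy above for object-level actions granted only on bucket ARNs and for grants on a bucket that one-way replication never uses. The function name `lint_replication_policy` and the two classification sets are assumptions made here, and the check assumes explicit ARNs with no wildcards in action or bucket names.

```python
SOURCE, DEST = "kk-repl-source", "kk-repl-destination"  # bucket names from this guide

# The role policy listed above, embedded so the check runs offline.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucket", "s3:GetReplicationConfiguration",
                "s3:GetObjectVersionForReplication", "s3:GetObjectVersionACL",
                "s3:GetObjectVersionTagging", "s3:GetObjectRetention",
                "s3:GetObjectLegalHold"],
     "Resource": ["arn:aws:s3:::kk-repl-source", "arn:aws:s3:::kk-repl-destination"]},
    {"Effect": "Allow",
     "Action": ["s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags",
                "s3:ObjectOwnerOverrideToBucketOwner"],
     "Resource": ["arn:aws:s3:::kk-repl-source/*",
                  "arn:aws:s3:::kk-repl-destination/*"]}]}

# Actions S3 evaluates against the bucket ARN; the rest of this policy targets objects.
BUCKET_LEVEL = {"s3:listbucket", "s3:getreplicationconfiguration"}
# Actions that write replicas; one-way replication needs them on the destination only.
WRITE_ACTIONS = {"s3:replicateobject", "s3:replicatedelete", "s3:replicatetags",
                 "s3:objectowneroverridetobucketowner"}

def as_list(value):
    """IAM accepts a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)

def lint_replication_policy(policy, source, dest):
    """Return sorted (kind, action, bucket) findings for the Allow statements."""
    findings = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        # Strip the "arn:aws:s3:::" prefix, leaving "bucket" or "bucket/key-pattern".
        resources = [r.split(":::", 1)[-1] for r in as_list(stmt["Resource"])]
        for action in (a.lower() for a in as_list(stmt["Action"])):  # case-insensitive
            wants_object = action not in BUCKET_LEVEL
            matched = [r for r in resources if ("/" in r) == wants_object]
            if not matched:  # object action on bucket ARNs only (or the reverse)
                findings.add(("ineffective", action, "*"))
            needed = dest if action in WRITE_ACTIONS else source
            for bucket in (r.split("/", 1)[0] for r in matched):
                if bucket != needed:  # granted on a bucket this direction never uses
                    findings.add(("excess", action, bucket))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_replication_policy(POLICY, SOURCE, DEST):
        print(*finding)
```

As listed above, the first statement names only bucket ARNs, so its five object-level read actions are reported as ineffective; compare the listing with the role in your own account, where the object ARNs (`/*`) should also appear. The remaining findings are the read actions on the destination bucket and the replicate actions on the source, which can be trimmed when replication runs in one direction only.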

4. Test Replication

  1. Upload a few files to the source bucket (kk-repl-source).
  2. In another tab, open the destination bucket (kk-repl-destination) and verify that the objects appear within 15 minutes.
    The image shows an Amazon S3 bucket interface with a list of objects and folders, including files named "file1," "file2," "file3," and "secondfile.txt." The interface displays options for managing these objects, such as uploading and creating folders.

Congratulations! You’ve successfully configured cross-region replication for Amazon S3.
