Amazon Simple Storage Service (S3) | Cross-Region Replication Flashcards
Why would I use a lifecycle policy to expire incomplete multipart uploads?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
The lifecycle policy that expires incomplete multipart uploads allows you to save on costs by limiting the time non-completed multipart uploads are stored. For example, if your application uploads several multipart object parts, but never commits them, you will still be charged for that storage. This policy can lower your S3 storage bill by automatically removing incomplete multipart uploads and the associated storage after a predefined number of days.
Learn more.
What is Amazon S3 Cross-Region Replication (CRR)?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
CRR is an Amazon S3 feature that automatically replicates data across AWS regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS region that you choose. You can use CRR to provide lower-latency data access in different geographic regions. CRR can also help if you have a compliance requirement to store copies of data hundreds of miles apart.
How do I enable CRR?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
CRR is a bucket-level configuration. You enable a CRR configuration on your source bucket by specifying a destination bucket in a different region for replication. You can use either the AWS Management Console, the REST API, the AWS CLI, or the AWS SDKs to enable CRR. Versioning must be turned on for both the source and destination buckets to enable CRR. To learn more, please visit How to Set Up Cross-Region Replication in the Amazon S3 Developer Guide.
What does CRR replicate to the target bucket?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
CRR replicates every object-level upload that you directly make to your source bucket. The metadata and ACLs associated with the object are also part of the replication. Any change to the underlying data, metadata, or ACLs on the object would trigger a new replication to the destination bucket. You can either choose to replicate all objects uploaded to a source bucket or just a subset of objects uploaded by specifying prefixes. Existing data in the bucket prior to enabling CRR is not replicated. You can use S3’s COPY API to copy the existing data into your destination bucket. To learn more about CRR please visit How to Set Up Cross-Region Replication in the Amazon S3 Developer Guide.
Can I use CRR with lifecycle rules?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
Yes, you can configure separate lifecycle rules on the source and destination buckets. For example, you can configure a lifecycle rule to migrate data from Standard to Standard - IA on the destination bucket or configure a lifecycle rule to archive data into Amazon Glacier.
Can I use CRR with objects encrypted by AWS KMS?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
Yes, you can replicate KMS-encrypted objects by providing destination KMS key in your replication configuration. Learn more.
Does enabling AWS KMS support for Cross-Region Replication affect KMS API rate?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
Yes, AWS KMS support for CRR will increase KMS API rate for your account. Specifically, CRR will double the S3-related KMS API rate in the source region and increase by the same increment in the destination region. We recommend requesting an increase in your KMS API rate limit by creating a case in the AWS support center. There is no additional cost for KMS API rate limit increase.
Are objects securely transferred and encrypted throughout replication process?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
Yes, objects remain encrypted throughout the CRR process. The encrypted objects are transmitted securely via SSL from the source region to the destination region.
Can I use CRR across accounts?
Cross-Region Replication
Amazon Simple Storage Service (S3) | Storage
Yes, you can set up CRR across account to store your replicated data in a different account in the target region. You can use ownership overwrite in your replication configuration to maintain a distinct ownership stack between source and destination, and grant destination account ownership to the replicated storage.
