S3 Replication Flashcards
How many types of S3 replication are available in AWS?
- Cross-region replication (CRR)
- Same-region replication (SRR)
How are buckets replicated?
Replication of objects from a SOURCE bucket to a DESTINATION bucket
What is defined in the Replication Configuration?
It is a configuration that is applied to the source bucket and configures S3 to replicate from this source bucket to a destination bucket.
Additionally, it configures the IAM Role to use for the replication.
Is there any IAM identity needed to perform S3 replication?
Yes, an IAM role must be defined in the Replication Configuration.
How do trust policy and permission policy look like for the IAM role to perform the replication?
The role is configured to allow the S3 service to assume it based on its trust policy.
The role’s permission policy grants access to read objects on the source bucket and replicate them in the destination bucket.
Is the IAM role trusted by default by the destination account? (in case of different accounts in use)
No, it is not trusted by default by the destination account.
You must add a bucket policy in the destination bucket to allow the IAM Role from the source account to access the bucket.
What can be selected in the S3 Replication options?
- Which objects are replicated. (all or smaller subset)
- Select which storage class will be used by the destination bucket (same by default or cheaper if needed)
- Define ownership of the objects (same account as the source by default)
- Replication time control (RTC) - a guaranteed level of SLA for replication
What happens with the ownership of objects when the replication happens from and to different accounts?
If the buckets are in different accounts, the objects in the destination could be owned by the source account and destination account is not allowed access - this can be overwritten so the owner is the destination account and therefore has access to the bucket and its objects
What is RTC?
Replication Time Control
For what is RTC used?
Adds a guaranteed level of SLA within 15 minutes for extra cost.
- This is useful for buckets that must be in sync the whole time.
- NOTE: without RTC this is a best-effort process
Is the replication of objects considered a best-effort process by default??
Yes, without RTC is a best-effort process.
Is replication retroactive?
No, objects already existing at the time of the activation of Replication will NOT be replicated.
What is mandatory in terms of versioning to perform Bucket replication?
Both buckets, source, and destination must have enabled versioning.
Is Bucket replication a one-way or two-way process?
One-way, always from Source bucket to Destination bucket.
How are encrypted files handled by S3 replication?
S3 replication can handle objects that are unencrypted or encrypted by SSE-S3.
NOTE: SSE-KMS can also be handled but it is more complex to configure
