AWS S3 Replication

An Introductory Blog about S3 Replication Types

There are two types of replications that you can find in AWS S3.

1. Same Region Replication (SRR) —Source and Destination buckets are within the same region
2. Cross Region Replication (CRR) — Source and Destination buckets are across multiple regions

There are few important things that you need to remember here.

• Source and Destination buckets can be within the same AWS account or across different AWS accounts. The default behavior is the same owner / AWS account for both the source and the destination.
• It is required to assign a Role to the source bucket since it interacts with a destination bucket. This is valid for both the same and different AWS account scenarios.
• A bucket policy should be defined at the destination bucket level if you are using two different AWS accounts. If it is the same AWS account this is not required since it is in the same AWS account, both source and destination buckets trust each other.
• Replication Time Control (RTC) — This optional feature is defined if you have a 15 minute window to replicate. This is an important feature to add, if you have strict SLA of 15 minute or less to meet for theReplication Time Control (RTCReplication Time Control (RTC)Replication Time Control (RTC)) replication.

figure 01 — S3 Replication between the same AWS account and different AWS accounts

• Need to add a replication configuration to the source bucket. This replication configuration should include a filter criteria to replicate all or a subset of the source bucket contents.
• The replication does happen between one source and one destination. Multiple destinations by a single source is not allowed.
• You can change the storage class/ tier to a lesser class while doing the replication. The default setting is the same storage class/ tier for both source and destination buckets.
• Mostly destination bucket is chosen as a S3-Zone1A, where the use case is merely a backup.
• Both the un-encrypted and encrypted objects (SSE-S3 and SSE-KMS) are replicated. However, objects encrypted with SSE-C are not replicated.

Pre-Conditions

Following are some of the pre-conditions needs to be remembered.

• Both the source and the destination buckets should have the versioning enabled.
• Objects added before the replication are not replicated
• The source bucket sub level resources are not replicated
• The objects, which were created by another replication activity are not replicated.
• System events are not replicated (only user events are replicated)
• Objects in the Glacier and Glacier Deep Archive are not replicated
• Deleted objects are not replicated (objects marked with a delete marker are not replicated).
• It is always one way replication only.

The Same Region Replication (SRR) primarily used for situations such as log aggregations, for testing purposes and data sovereignty requirements in certain regulatory setups

Conclusion

Hope you got a clear idea how AWS S3 handles the replication and what are the limitations that it still has. AWS evolves its service capabilities continuously and as cloud architects it is important for us to keep ourselves updated on the latest developments.

I also make an effort to update my series of AWS blog articles to keep up with the changes AWS go through. You may visit some of my other updated blog articles related to AWS S3 published lately for your reference.

AWS S3 Security: https://crishantha.medium.com/aws-s3-security-d8be623e724a

AWS Server Side Encryption: https://crishantha.medium.com/aws-s3-server-side-encryption-608d01231ce1

AWS KMS: https://crishantha.medium.com/aws-kms-4cb9bb80c89