S3 replicate latest version


I have set up S3 replication from a version bucket to another (versioned) bucket on the same account (SRR). A tag is used to scope the replicated file(s). Every night, a new version of each file is uploaded to the source bucket, and this new version becomes the current version (versioned backups).

With a batch operation, I have replicated the current version of the file to the destination bucket without problems, so permissions are set correctly. I understood only current versions will be replicated, not previous versions. However, replication does not seem to take place at all when a new version is uploaded to the source bucket. The destination bucket only has the version from the batch operation, which is 4 versions behind on the source bucket. Why are the new versions not replicated?

1 Answer

I would start with examining the permissions assigned to the replication role. It should look something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::primary-bucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTagging"
            ],
            "Resource": "arn:aws:s3:::primary-bucket/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:ReplicateObject",
                "s3:ReplicateTags",
                "s3:ReplicateDelete"
            ],
            "Resource": "arn:aws:s3:::secondary-bucket/*",
            "Effect": "Allow"
        }
    ]
}

And have a trust policy like this:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
kentrad (AWS EXPERT)
answered 2 years ago
  • I checked the role against your suggestion and it contains all statements you have specified (I let AWS generate the role with permissions and trust policy and it contains a bit more, I suspect it generated a CRR version, while I only really need SRR). The role permissions do not seem to be the issue, since replication with the batch job succeeded initially. But, running a batch job again does not replicate the latest version to the destination bucket.
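
An added example, not part of the answer or the comment above and not AWS code: a Python check that a replication role's permissions policy allows every action the answer lists on the right bucket ARNs. The function names and the sample policy are constructed for illustration; the bucket names are the ones used in the answer.

```python
import fnmatch

# Actions from the answer's policy, keyed by the resource each must cover.
REQUIRED = {
    "arn:aws:s3:::{src}": ["s3:GetReplicationConfiguration", "s3:ListBucket"],
    "arn:aws:s3:::{src}/*": ["s3:GetObjectVersion", "s3:GetObjectVersionAcl",
                             "s3:GetObjectVersionTagging"],
    "arn:aws:s3:::{dst}/*": ["s3:ReplicateObject", "s3:ReplicateTags",
                             "s3:ReplicateDelete"],
}

# Constructed sample: wildcard read on the source, ReplicateTags left out.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "arn:aws:s3:::primary-bucket",
     "Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"]},
    {"Effect": "Allow", "Resource": "arn:aws:s3:::primary-bucket/*",
     "Action": "s3:Get*"},
    {"Effect": "Allow", "Resource": "arn:aws:s3:::secondary-bucket/*",
     "Action": ["s3:ReplicateObject", "s3:ReplicateDelete"]},
]}

def as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if some Allow statement matches both action and resource.
    Simplified: explicit Deny, NotAction and Condition are not evaluated."""
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in as_list(stmt.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(resource, r)
                     for r in as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def missing_replication_permissions(policy, src, dst):
    """Return (action, resource) pairs from REQUIRED that the policy lacks."""
    return [(action, template.format(src=src, dst=dst))
            for template, actions in REQUIRED.items()
            for action in actions
            if not allows(policy, action, template.format(src=src, dst=dst))]

if __name__ == "__main__":
    for gap in missing_replication_permissions(
            SAMPLE_POLICY, "primary-bucket", "secondary-bucket"):
        print("missing:", *gap)
```

An empty result only shows that the policy document matches the answer's list; it does not evaluate bucket policies or the replication rule itself.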
