1 Answer
0
I would start with examining the permissions assigned to the replication role. It should look something like this:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::primary-bucket",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionTagging"
      ],
      "Resource": "arn:aws:s3:::primary-bucket/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateTags",
        "s3:ReplicateDelete"
      ],
      "Resource": "arn:aws:s3:::secondary-bucket/*",
      "Effect": "Allow"
    }
  ]
}
```
And have a trust policy like this:
```json
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
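An added example, not part of the answer above: a static check of a role's permission and trust policy documents against the actions listed in that answer. The function names, the placeholder object key `key` and the sample policies are assumptions made for illustration; `Deny` statements, `NotAction` and `Condition` blocks are not evaluated.

```python
from fnmatch import fnmatchcase

# Actions the answer's policy grants, keyed by the ARN they must be allowed on.
REQUIRED = {
    "arn:aws:s3:::{src}": ["s3:GetReplicationConfiguration", "s3:ListBucket"],
    "arn:aws:s3:::{src}/key": ["s3:GetObjectVersion", "s3:GetObjectVersionAcl",
                               "s3:GetObjectVersionTagging"],
    "arn:aws:s3:::{dst}/key": ["s3:ReplicateObject", "s3:ReplicateTags", "s3:ReplicateDelete"],
}

def _as_list(value):  # IAM allows a bare string where a list is expected
    return value if isinstance(value, list) else [value]

def _allowed(policy, action, arn):
    """True if an Allow statement covers (action, arn); '*' and '?' are wildcards."""
    for st in _as_list(policy.get("Statement", [])):
        res = _as_list(st.get("Resource", []))
        acts = _as_list(st.get("Action", []))
        if (st.get("Effect") == "Allow" and any(fnmatchcase(arn, r) for r in res)
                and any(fnmatchcase(action.lower(), a.lower()) for a in acts)):
            return True
    return False

def missing_permissions(policy, src, dst):
    """Return [(action, arn), ...] needed for replication but not granted."""
    gaps = []
    for template, actions in REQUIRED.items():
        arn = template.format(src=src, dst=dst)
        gaps += [(a, arn) for a in actions if not _allowed(policy, a, arn)]
    return gaps

def trusts_s3(trust):
    """True if the trust policy lets s3.amazonaws.com call sts:AssumeRole."""
    for st in _as_list(trust.get("Statement", [])):
        principal = st.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") == "Allow" and "s3.amazonaws.com" in services
                and "sts:AssumeRole" in _as_list(st.get("Action", []))):
            return True
    return False

# Constructed sample: the destination statement lacks s3:ReplicateDelete.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::primary-bucket", "arn:aws:s3:::primary-bucket/*"]},
    {"Effect": "Allow", "Action": ["s3:ReplicateObject", "s3:ReplicateTags"],
     "Resource": "arn:aws:s3:::secondary-bucket/*"}]}
SAMPLE_TRUST = {"Version": "2008-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
print(missing_permissions(SAMPLE_POLICY, "primary-bucket", "secondary-bucket"), trusts_s3(SAMPLE_TRUST))
```

An empty list from `missing_permissions` together with `True` from `trusts_s3` means the role matches the policy shape shown in the answer.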
I checked the role against your suggestion and it contains all statements you have specified (I let AWS generate the role with permissions and trust policy and it contains a bit more, I suspect it generated a CRR version, while I only really need SRR). The role permissions do not seem to be the issue, since replication with the batch job succeeded initially. But, running a batch job again does not replicate the latest version to the destination bucket.