S3 Cross Region Replication
Hi AWS,
I am trying to replicate the objects of an S3 bucket cross region from source to destination bucket within the same account. The buckets are encrypted with customer managed KMS keys and the versioning is Enabled for both the buckets. I have created the S3 service role with trust relationship to s3.amazonaws.com endpoint and attached the following policy to it
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "s3:GetReplicationConfiguration", "s3:ListBucket" ], "Resource":[ "arn:aws:s3:::DOC-EXAMPLE-BUCKET1" ] }, { "Effect":"Allow", "Action":[ "s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl", "s3:GetObjectVersionTagging" ], "Resource":[ "arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*" ] }, { "Effect":"Allow", "Action":[ "s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags" ], "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET2/*" } ] }
following the documentation https://docs.aws.amazon.com/AmazonS3/latest/userguide/setting-repl-config-perm-overview.html
However it has not been mentioned if I need to update the KMS key policy either for source bucket or destination bucket. Please let me know.
- Le plus récent
- Le plus de votes
- La plupart des commentaires
Contenus pertinents
- demandé il y a 4 mois
- demandé il y a un an
- demandé il y a 6 mois
AWS OFFICIELA mis à jour il y a 2 ans
you need to update the KMS key policy for source bucket so that source bucket will allow access for destination bucket.