S3 replicate latest version

0

I have set up S3 replication from a versioned bucket to another (versioned) bucket on the same account (SRR). A tag is used to scope the replicated file(s). Every night, a new version of each file is uploaded to the source bucket, and this new version becomes the current version (versioned backups).

With a batch operation, I have replicated the current version of the file to the destination bucket without problems, so permissions are set correctly. I understood only current versions will be replicated, not previous versions. However, replication does not seem to take place at all when a new version is uploaded to the source bucket. The destination bucket only has the version from the batch operation, which is 4 versions behind on the source bucket. Why are the new versions not replicated?

1 Answer
0

I would start with examining the permissions assigned to the replication role. It should look something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::primary-bucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTagging"
            ],
            "Resource": "arn:aws:s3:::primary-bucket/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:ReplicateObject",
                "s3:ReplicateTags",
                "s3:ReplicateDelete"
            ],
            "Resource": "arn:aws:s3:::secondary-bucket/*",
            "Effect": "Allow"
        }
    ]
}

And have a trust policy like this:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
kentrad (AWS, Expert)
answered 2 years ago
  • I checked the role against your suggestion and it contains all statements you have specified (I let AWS generate the role with permissions and trust policy and it contains a bit more, I suspect it generated a CRR version, while I only really need SRR). The role permissions do not seem to be the issue, since replication with the batch job succeeded initially. But, running a batch job again does not replicate the latest version to the destination bucket.
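
The check suggested in the answer above (comparing the replication role's permission and trust policies against the expected statements) can be scripted. The following is an added example, not code from the thread or from AWS: the function names are hypothetical, the required-action list is taken from the answer's policy, and evaluation is simplified to Allow statements with `*`/`?` wildcards (Deny, Condition and NotAction are not evaluated).

```python
import fnmatch

# Actions from the answer's policy, keyed by the resource they must apply to.
REQUIRED = {
    "arn:aws:s3:::{src}": ["s3:GetReplicationConfiguration", "s3:ListBucket"],
    "arn:aws:s3:::{src}/*": ["s3:GetObjectVersion", "s3:GetObjectVersionAcl",
                             "s3:GetObjectVersionTagging"],
    "arn:aws:s3:::{dst}/*": ["s3:ReplicateObject", "s3:ReplicateTags",
                             "s3:ReplicateDelete"],
}

def _listify(value):
    """IAM accepts a bare string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _listify(policy.get("Statement"))
            if s.get("Effect") == "Allow"]

def _allowed(policy, action, resource):
    """True if an Allow statement matches; Deny/Condition/Not* are ignored."""
    for stmt in _allow_statements(policy):
        acts = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _listify(stmt.get("Action")))
        ress = any(fnmatch.fnmatchcase(resource, r)
                   for r in _listify(stmt.get("Resource")))
        if acts and ress:
            return True
    return False

def missing_replication_permissions(policy, src, dst):
    """Return (action, resource) pairs from REQUIRED that the policy lacks."""
    missing = []
    for template, actions in REQUIRED.items():
        resource = template.format(src=src, dst=dst)
        missing += [(a, resource) for a in actions
                    if not _allowed(policy, a, resource)]
    return missing

def trust_allows_s3(trust):
    """True if s3.amazonaws.com may call sts:AssumeRole on the role."""
    for stmt in _allow_statements(trust):
        principal = stmt.get("Principal")
        services = _listify(principal.get("Service")) if isinstance(principal, dict) else []
        if "s3.amazonaws.com" in services and "sts:AssumeRole" in _listify(stmt.get("Action")):
            return True
    return False
```

Pass the parsed JSON of the role's permission policy and trust policy; an empty list from `missing_replication_permissions` means every action in the answer's policy is granted on the expected bucket ARNs.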
