S3 replicate latest version
I have set up S3 replication from a version bucket to another (versioned) bucket on the same account (SRR). A tag is used to scope the replicated file(s). Every night, a new version of each file is uploaded to the source bucket, and this new version becomes the current version (versioned backups).
With a batch operation, I have replicated the current version of the file to the destination bucket without problems, so permissions are set correctly. I understood only current versions will be replicated, not previous versions. However, replication does not seem to take place at all when a new version is uploaded to the source bucket. The destination bucket only has the version from the batch operation, which is 4 versions behind on the source bucket. Why are the new versions not replicated?
I would start with examining the permissions assigned to the replication role. It should look something like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::primary-bucket",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionTagging"
      ],
      "Resource": "arn:aws:s3:::primary-bucket/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateTags",
        "s3:ReplicateDelete"
      ],
      "Resource": "arn:aws:s3:::secondary-bucket/*",
      "Effect": "Allow"
    }
  ]
}
And have a trust policy like this:
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
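
An added example, not part of the answer above: a small offline check that compares an exported role permission policy against the actions listed in the answer's policy and reports which ones are not allowed on the source or destination bucket. The bucket names come from the answer; the sample policy and the object key `backups/db.bak` are constructed, and Deny statements, conditions and NotAction/NotResource are not evaluated.

```python
import re

# Actions from the answer's policy: "" = the bucket itself, "/" = objects in it.
REQUIRED = {
    ("source", ""): ["s3:GetReplicationConfiguration", "s3:ListBucket"],
    ("source", "/"): ["s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetObjectVersionTagging"],
    ("destination", "/"): ["s3:ReplicateObject", "s3:ReplicateTags", "s3:ReplicateDelete"],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, flags=0):
    # IAM wildcards: "*" is any run of characters, "?" is exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None

def allowed(policy, action, resource):
    """True if an Allow statement covers the action on the resource.
    Simplification: Deny, Condition, NotAction and NotResource are not evaluated."""
    for stmt in _as_list(policy["Statement"]):
        if (stmt.get("Effect") == "Allow"
                and any(_matches(a, action, re.IGNORECASE) for a in _as_list(stmt.get("Action", [])))
                and any(_matches(r, resource) for r in _as_list(stmt.get("Resource", [])))):
            return True
    return False

def missing_permissions(policy, source, destination, key):
    """List (action, resource) pairs from REQUIRED that the role policy does not allow."""
    bucket = {"source": source, "destination": destination}
    gaps = []
    for (side, sep), actions in REQUIRED.items():
        resource = f"arn:aws:s3:::{bucket[side]}{sep}{key if sep else ''}"
        gaps += [(a, resource) for a in actions if not allowed(policy, a, resource)]
    return gaps

# Constructed sample: wildcard reads on the source, but no s3:ReplicateTags on the destination.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::primary-bucket"},
    {"Effect": "Allow", "Action": "s3:GetObjectVersion*",
     "Resource": "arn:aws:s3:::primary-bucket/*"},
    {"Effect": "Allow", "Action": ["s3:ReplicateObject", "s3:ReplicateDelete"],
     "Resource": "arn:aws:s3:::secondary-bucket/*"}]}

if __name__ == "__main__":
    gaps = missing_permissions(SAMPLE_POLICY, "primary-bucket", "secondary-bucket", "backups/db.bak")
    for action, resource in gaps:
        print("missing:", action, "on", resource)
```

To check a real role, load its exported policy document with `json.load` and pass an object key that the replication rule is expected to cover.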
I checked the role against your suggestion and it contains all statements you have specified (I let AWS generate the role with permissions and trust policy and it contains a bit more, I suspect it generated a CRR version, while I only really need SRR). The role permissions do not seem to be the issue, since replication with the batch job succeeded initially. But, running a batch job again does not replicate the latest version to the destination bucket.