S3 replicate latest version

0

I have set up S3 replication from a versioned bucket to another (versioned) bucket on the same account (SRR). A tag is used to scope the replicated file(s). Every night, a new version of each file is uploaded to the source bucket, and this new version becomes the current version (versioned backups).

With a batch operation, I have replicated the current version of the file to the destination bucket without problems, so permissions are set correctly. I understood only current versions will be replicated, not previous versions. However, replication does not seem to take place at all when a new version is uploaded to the source bucket. The destination bucket only has the version from the batch operation, which is 4 versions behind on the source bucket. Why are the new versions not replicated?

Asked 2 years ago, viewed 581 times
1 Answer
0

I would start with examining the permissions assigned to the replication role. It should look something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::primary-bucket",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTagging"
            ],
            "Resource": "arn:aws:s3:::primary-bucket/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:ReplicateObject",
                "s3:ReplicateTags",
                "s3:ReplicateDelete"
            ],
            "Resource": "arn:aws:s3:::secondary-bucket/*",
            "Effect": "Allow"
        }
    ]
}

And have a trust policy like this:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
kentrad (AWS Expert)
Answered 2 years ago
  • I checked the role against your suggestion and it contains all statements you have specified (I let AWS generate the role with permissions and trust policy and it contains a bit more, I suspect it generated a CRR version, while I only really need SRR). The role permissions do not seem to be the issue, since replication with the batch job succeeded initially. But, running a batch job again does not replicate the latest version to the destination bucket.
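
The role check suggested in the answer can be done offline against the policy JSON. This is an added example, not code from the thread or from AWS: it assumes the action list and bucket ARNs shown in the answer, the function names and the `sample-object` key are hypothetical, and it only evaluates Allow statements (Deny, NotAction and Condition are ignored).

```python
from fnmatch import fnmatchcase

def _as_list(v):
    """IAM accepts a single value or a list for Statement, Action, Resource, Service."""
    return [v] if isinstance(v, (str, dict)) else list(v or [])

def required(src, dst, key="sample-object"):
    """(action, resource) pairs from the answer's policy; key is a constructed name."""
    s, d = f"arn:aws:s3:::{src}", f"arn:aws:s3:::{dst}"
    return [
        ("s3:GetReplicationConfiguration", s),
        ("s3:ListBucket", s),
        ("s3:GetObjectVersion", f"{s}/{key}"),
        ("s3:GetObjectVersionAcl", f"{s}/{key}"),
        ("s3:GetObjectVersionTagging", f"{s}/{key}"),
        ("s3:ReplicateObject", f"{d}/{key}"),
        ("s3:ReplicateTags", f"{d}/{key}"),
        ("s3:ReplicateDelete", f"{d}/{key}"),
    ]

def allows(policy, action, resource):
    """True if at least one Allow statement covers the action on the resource."""
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive, ARNs are not; * and ? are wildcards.
        act_ok = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(st.get("Action")))
        res_ok = any(fnmatchcase(resource, r) for r in _as_list(st.get("Resource")))
        if act_ok and res_ok:
            return True
    return False

def missing_permissions(policy, src, dst):
    return [f"{a} on {r}" for a, r in required(src, dst) if not allows(policy, a, r)]

def trust_allows_s3(trust):
    """True if the trust policy lets s3.amazonaws.com call sts:AssumeRole."""
    for st in _as_list(trust.get("Statement")):
        principal = st.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (st.get("Effect") == "Allow" and "s3.amazonaws.com" in services
                and "sts:AssumeRole" in _as_list(st.get("Action"))):
            return True
    return False

if __name__ == "__main__":
    # Constructed policy that omits the tag replication permission.
    demo = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
        "s3:Get*", "s3:ListBucket", "s3:ReplicateObject", "s3:ReplicateDelete"]}]}
    print(missing_permissions(demo, "primary-bucket", "secondary-bucket"))
```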
