interface GrantReplicationPermissionProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.S3.GrantReplicationPermissionProps |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awss3#GrantReplicationPermissionProps |
 Java | software.amazon.awscdk.services.s3.GrantReplicationPermissionProps |
 Python | aws_cdk.aws_s3.GrantReplicationPermissionProps |
 TypeScript (source) | aws-cdk-lib » aws_s3 » GrantReplicationPermissionProps |
The properties for the destination bucket for granting replication permission.
Example
declare const destinationBucket1: s3.IBucket;
declare const destinationBucket2: s3.IBucket;
declare const replicationRole: iam.IRole;
declare const encryptionKey: kms.IKey;
declare const destinationEncryptionKey: kms.IKey;
const sourceBucket = new s3.Bucket(this, 'SourceBucket', {
// Versioning must be enabled on both the source and destination bucket
versioned: true,
// Optional. Specify the KMS key to use for encrypts objects in the source bucket.
encryptionKey,
// Optional. If not specified, a new role will be created.
replicationRole,
replicationRules: [
{
// The destination bucket for the replication rule.
destination: destinationBucket1,
// The priority of the rule.
// Amazon S3 will attempt to replicate objects according to all replication rules.
// However, if there are two or more rules with the same destination bucket, then objects will be replicated according to the rule with the highest priority.
// The higher the number, the higher the priority.
// It is essential to specify priority explicitly when the replication configuration has multiple rules.
priority: 1,
},
{
destination: destinationBucket2,
priority: 2,
// Whether to specify S3 Replication Time Control (S3 RTC).
// S3 RTC replicates most objects that you upload to Amazon S3 in seconds,
// and 99.99 percent of those objects within specified time.
replicationTimeControl: s3.ReplicationTimeValue.FIFTEEN_MINUTES,
// Whether to enable replication metrics about S3 RTC.
// If set, metrics will be output to indicate whether replication by S3 RTC took longer than the configured time.
metrics: s3.ReplicationTimeValue.FIFTEEN_MINUTES,
// The kms key to use for the destination bucket.
kmsKey: destinationEncryptionKey,
// The storage class to use for the destination bucket.
storageClass: s3.StorageClass.INFREQUENT_ACCESS,
// Whether to replicate objects with SSE-KMS encryption.
sseKmsEncryptedObjects: false,
// Whether to replicate modifications on replicas.
replicaModifications: true,
// Whether to replicate delete markers.
// This property cannot be enabled if the replication rule has a tag filter.
deleteMarkerReplication: false,
// The ID of the rule.
id: 'full-settings-rule',
// The object filter for the rule.
filter: {
// The prefix filter for the rule.
prefix: 'prefix',
// The tag filter for the rule.
tags: [
{
key: 'tagKey',
value: 'tagValue',
},
],
}
},
],
});
// Grant permissions to the replication role.
// This method is not required if you choose to use an auto-generated replication role or manually grant permissions.
sourceBucket.grantReplicationPermission(replicationRole, {
// Optional. Specify the KMS key to use for decrypting objects in the source bucket.
sourceDecryptionKey: encryptionKey,
destinations: [
{ bucket: destinationBucket1 },
{ bucket: destinationBucket2, encryptionKey: destinationEncryptionKey },
],
// The 'encryptionKey' property within the 'destinations' array is optional.
// If not specified for a destination bucket, this method assumes that
// given destination bucket is not encrypted.
});
Properties
| Name | Type | Description |
|---|---|---|
| destinations | Grant[] | The destination buckets for replication. |
| source | IKey | The KMS key used to decrypt objects in the source bucket for replication. |
destinations
Type:
Grant[]
The destination buckets for replication.
Specify the KMS key to use for encryption if a destination bucket needs to be encrypted with a customer-managed KMS key.
One or more destination buckets are required if replication configuration is enabled (i.e., replicationRole is specified).
sourceDecryptionKey?
Type:
IKey
(optional, default: it's assumed the source bucket is not encrypted with a customer-managed KMS key.)
The KMS key used to decrypt objects in the source bucket for replication.
Required if the source bucket is encrypted with a customer-managed KMS key.