AWS::S3::Bucket ReplicationRule
Specifies which Amazon S3 objects to replicate and where to store the replicas.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "DeleteMarkerReplication" : DeleteMarkerReplication,
  "Destination" : ReplicationDestination,
  "Filter" : ReplicationRuleFilter,
  "Id" : String,
  "Prefix" : String,
  "Priority" : Integer,
  "SourceSelectionCriteria" : SourceSelectionCriteria,
  "Status" : String
}
YAML
DeleteMarkerReplication:
  DeleteMarkerReplication
Destination:
  ReplicationDestination
Filter:
  ReplicationRuleFilter
Id: String
Prefix: String
Priority: Integer
SourceSelectionCriteria:
  SourceSelectionCriteria
Status: String
Properties
DeleteMarkerReplication
Specifies whether Amazon S3 replicates delete markers. If you specify a Filter in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication Status must be set to Disabled, because Amazon S3 does not support replicating delete markers for tag-based rules. For an example configuration, see Basic Rule Configuration. For more information about delete marker replication, see Basic Rule Configuration.
Note
If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.
Required: No
Type: DeleteMarkerReplication
Update requires: No interruption
Destination
A container for information about the replication destination and its configurations, including enabling the S3 Replication Time Control (S3 RTC).
Required: Yes
Type: ReplicationDestination
Update requires: No interruption
Filter
A filter that identifies the subset of objects to which the replication rule applies. A Filter must specify exactly one Prefix, TagFilter, or an And child element. The use of the filter field indicates that this is a V2 replication configuration. This field isn't supported in a V1 replication configuration.
Note
V1 replication configuration only supports filtering by key prefix. To filter using a V1 replication configuration, add the Prefix directly as a child element of the Rule element.
Required: No
Type: ReplicationRuleFilter
Update requires: No interruption
Id
A unique identifier for the rule. The maximum value is 255 characters. If you don't specify a value, AWS CloudFormation generates a random ID. When using a V2 replication configuration this property is capitalized as "ID".
Required: No
Type: String
Maximum: 255
Update requires: No interruption
Prefix
An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in a bucket, specify an empty string. To filter using a V1 replication configuration, add the Prefix directly as a child element of the Rule element.
Important
Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.
Required: No
Type: String
Maximum: 1024
Update requires: No interruption
Priority
The priority indicates which rule has precedence whenever two or more replication rules conflict. Amazon S3 will attempt to replicate objects according to all replication rules. However, if there are two or more rules with the same destination bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.
For more information, see Replication in the Amazon S3 User Guide.
Required: No
Type: Integer
Update requires: No interruption
SourceSelectionCriteria
A container that describes additional filters for identifying the source objects that you want to replicate. You can choose to enable or disable the replication of these objects.
Required: No
Type: SourceSelectionCriteria
Update requires: No interruption
Status
Specifies whether the rule is enabled.
Required: Yes
Type: String
Allowed values: Disabled | Enabled
Update requires: No interruption
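The constraints stated in the property descriptions above can be checked before a template is deployed. The following Python check is an added example, not AWS code: `lint_rule`, `lint_rules` and the sample rules are hypothetical names and constructed data. It assumes the rules are already parsed into dictionaries with literal values (no intrinsic functions) and that tag filters appear as `TagFilter` or as `TagFilters` under `And`.

```python
ALLOWED_STATUS = {"Enabled", "Disabled"}
DEST = {"Bucket": "arn:aws:s3:::example-replica-bucket"}  # constructed placeholder ARN

def filter_uses_tags(flt):
    """True if a V2 Filter selects by tag (TagFilter, or TagFilters under And)."""
    return "TagFilter" in flt or bool(flt.get("And", {}).get("TagFilters"))

def lint_rule(rule):
    """Return findings for one ReplicationRule mapping (literal values assumed)."""
    findings = []
    if rule.get("Status") not in ALLOWED_STATUS:
        findings.append("Status is required and must be Enabled or Disabled")
    if "Destination" not in rule:
        findings.append("Destination is required")
    if len(rule.get("Id", "")) > 255:
        findings.append("Id exceeds 255 characters")
    if len(rule.get("Prefix", "")) > 1024:
        findings.append("Prefix exceeds 1,024 characters")
    flt = rule.get("Filter")
    if flt is not None:  # presence of Filter marks a V2 configuration
        children = [k for k in ("Prefix", "TagFilter", "And") if k in flt]
        if len(children) != 1:
            findings.append("Filter must specify exactly one of Prefix, TagFilter, And")
        dmr = rule.get("DeleteMarkerReplication")
        if dmr is None:
            findings.append("Filter requires a DeleteMarkerReplication element")
        elif filter_uses_tags(flt) and dmr.get("Status") != "Disabled":
            findings.append("Tag-based Filter requires DeleteMarkerReplication Status Disabled")
    return findings

def lint_rules(rules):
    """Map each failing rule's Id (or list index) to its findings."""
    report = {}
    for i, rule in enumerate(rules):
        found = lint_rule(rule)
        if found:
            report[rule.get("Id", f"rule[{i}]")] = found
    return report

# Constructed sample rules, not taken from the page's templates.
SAMPLE_RULES = [
    {"Id": "V1Backup", "Prefix": "", "Status": "Enabled", "Destination": DEST},
    {"Id": "TagRule", "Priority": 1, "Status": "Enabled", "Destination": DEST,
     "Filter": {"TagFilter": {"Key": "class", "Value": "audit"}},
     "DeleteMarkerReplication": {"Status": "Enabled"}},
    {"Id": "NoDMR", "Status": "Enabled", "Destination": DEST, "Filter": {"Prefix": "logs/"}},
    {"Priority": 3, "Status": "Paused", "Destination": DEST,
     "Filter": {"Prefix": "a/", "TagFilter": {"Key": "k", "Value": "v"}},
     "DeleteMarkerReplication": {"Status": "Disabled"}},
]
```

Calling `lint_rules(SAMPLE_RULES)` returns findings for the three V2 rules and nothing for the V1 prefix rule.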
Examples
Associate a replication configuration IAM role with an S3 bucket
The following example creates an S3 bucket and grants it permission to write to a replication bucket by using an AWS Identity and Access Management (IAM) role. To avoid a circular dependency, the role's policy is declared as a separate resource. The bucket depends on the WorkItemBucketBackupRole role. If the policy is included in the role, the role also depends on the bucket.
JSON
{
  "Resources": {
    "RecordServiceS3Bucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": "Retain",
      "Properties": {
        "ReplicationConfiguration": {
          "Role": { "Fn::GetAtt": [ "WorkItemBucketBackupRole", "Arn" ] },
          "Rules": [
            {
              "Destination": {
                "Bucket": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:aws:s3:::",
                      {
                        "Fn::Join": [
                          "-",
                          [
                            { "Ref": "AWS::Region" },
                            { "Ref": "AWS::StackName" },
                            "replicationbucket"
                          ]
                        ]
                      }
                    ]
                  ]
                },
                "StorageClass": "STANDARD"
              },
              "Id": "Backup",
              "Prefix": "",
              "Status": "Enabled"
            }
          ]
        },
        "VersioningConfiguration": { "Status": "Enabled" }
      }
    },
    "WorkItemBucketBackupRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": [ "sts:AssumeRole" ],
              "Effect": "Allow",
              "Principal": { "Service": [ "s3.amazonaws.com" ] }
            }
          ]
        }
      }
    },
    "BucketBackupPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [ "s3:GetReplicationConfiguration", "s3:ListBucket" ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [ "arn:aws:s3:::", { "Ref": "RecordServiceS3Bucket" } ]
                  ]
                }
              ]
            },
            {
              "Action": [ "s3:GetObjectVersion", "s3:GetObjectVersionAcl" ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [ "arn:aws:s3:::", { "Ref": "RecordServiceS3Bucket" }, "/*" ]
                  ]
                }
              ]
            },
            {
              "Action": [ "s3:ReplicateObject", "s3:ReplicateDelete" ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:aws:s3:::",
                      {
                        "Fn::Join": [
                          "-",
                          [
                            { "Ref": "AWS::Region" },
                            { "Ref": "AWS::StackName" },
                            "replicationbucket"
                          ]
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            }
          ]
        },
        "PolicyName": "BucketBackupPolicy",
        "Roles": [ { "Ref": "WorkItemBucketBackupRole" } ]
      }
    }
  }
}
YAML
Resources:
  RecordServiceS3Bucket:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Retain
    Properties:
      ReplicationConfiguration:
        Role: !GetAtt
          - WorkItemBucketBackupRole
          - Arn
        Rules:
          - Destination:
              Bucket: !Join
                - ''
                - - 'arn:aws:s3:::'
                  - !Join
                    - '-'
                    - - !Ref 'AWS::Region'
                      - !Ref 'AWS::StackName'
                      - replicationbucket
              StorageClass: STANDARD
            Id: Backup
            Prefix: ''
            Status: Enabled
      VersioningConfiguration:
        Status: Enabled
  WorkItemBucketBackupRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - 'sts:AssumeRole'
            Effect: Allow
            Principal:
              Service:
                - s3.amazonaws.com
  BucketBackupPolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - 's3:GetReplicationConfiguration'
              - 's3:ListBucket'
            Effect: Allow
            Resource:
              - !Join
                - ''
                - - 'arn:aws:s3:::'
                  - !Ref RecordServiceS3Bucket
          - Action:
              - 's3:GetObjectVersion'
              - 's3:GetObjectVersionAcl'
            Effect: Allow
            Resource:
              - !Join
                - ''
                - - 'arn:aws:s3:::'
                  - !Ref RecordServiceS3Bucket
                  - /*
          - Action:
              - 's3:ReplicateObject'
              - 's3:ReplicateDelete'
            Effect: Allow
            Resource:
              - !Join
                - ''
                - - 'arn:aws:s3:::'
                  - !Join
                    - '-'
                    - - !Ref 'AWS::Region'
                      - !Ref 'AWS::StackName'
                      - replicationbucket
                  - /*
      PolicyName: BucketBackupPolicy
      Roles:
        - !Ref WorkItemBucketBackupRole
Enable versioning and replicate objects
The following example enables versioning and two replication rules. The rules copy objects prefixed with either MyPrefix or MyOtherPrefix and store the copied objects in a bucket named my-replication-bucket.
JSON
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "VersioningConfiguration": { "Status": "Enabled" },
        "ReplicationConfiguration": {
          "Role": "arn:aws:iam::123456789012:role/replication_role",
          "Rules": [
            {
              "Id": "MyRule1",
              "Status": "Enabled",
              "Prefix": "MyPrefix",
              "Destination": {
                "Bucket": "arn:aws:s3:::my-replication-bucket",
                "StorageClass": "STANDARD"
              }
            },
            {
              "Status": "Enabled",
              "Prefix": "MyOtherPrefix",
              "Destination": {
                "Bucket": "arn:aws:s3:::my-replication-bucket"
              }
            }
          ]
        }
      }
    }
  }
}
YAML
AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      VersioningConfiguration:
        Status: Enabled
      ReplicationConfiguration:
        Role: 'arn:aws:iam::123456789012:role/replication_role'
        Rules:
          - Id: MyRule1
            Status: Enabled
            Prefix: MyPrefix
            Destination:
              Bucket: 'arn:aws:s3:::my-replication-bucket'
              StorageClass: STANDARD
          - Status: Enabled
            Prefix: MyOtherPrefix
            Destination:
              Bucket: 'arn:aws:s3:::my-replication-bucket'