PutBucketReplication
Note
This operation is not supported for directory buckets.
Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 User Guide.
Specify the replication configuration in the request body. In the replication
configuration, you provide the name of the destination bucket or buckets where you want
Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your
behalf, and other relevant information. You can invoke this request for a specific AWS
Region by using the aws:RequestedRegion
condition key.
A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset.
To specify a subset of the objects in the source bucket to apply a replication rule to,
add the Filter element as a child of the Rule element. You can filter objects based on an
object key prefix, one or more object tags, or both. When you add the Filter element in the
configuration, you must also add the following elements:
DeleteMarkerReplication
, Status
, and
Priority
.
Note
If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.
For information about enabling versioning on a bucket, see Using Versioning.
- Handling Replication of Encrypted Objects
-
By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with KMS keys. To replicate AWS KMS-encrypted objects, add the following:
SourceSelectionCriteria
,SseKmsEncryptedObjects
,Status
,EncryptionConfiguration
, andReplicaKmsKeyID
. For information about replication configuration, see Replicating Objects Created with SSE Using KMS keys.For information on
PutBucketReplication
errors, see List of replication-related error codes - Permissions
-
To create a
PutBucketReplication
request, you must haves3:PutReplicationConfiguration
permissions for the bucket.By default, a resource owner, in this case the AWS account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources.
Note
To perform this operation, the user or role performing the action must have the iam:PassRole permission.
The following operations are related to PutBucketReplication
:
Request Syntax
PUT /?replication HTTP/1.1
Host: Bucket
.s3.amazonaws.com
Content-MD5: ContentMD5
x-amz-sdk-checksum-algorithm: ChecksumAlgorithm
x-amz-bucket-object-lock-token: Token
x-amz-expected-bucket-owner: ExpectedBucketOwner
<?xml version="1.0" encoding="UTF-8"?>
<ReplicationConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Role>string
</Role>
<Rule>
<DeleteMarkerReplication>
<Status>string
</Status>
</DeleteMarkerReplication>
<Destination>
<AccessControlTranslation>
<Owner>string
</Owner>
</AccessControlTranslation>
<Account>string
</Account>
<Bucket>string
</Bucket>
<EncryptionConfiguration>
<ReplicaKmsKeyID>string
</ReplicaKmsKeyID>
</EncryptionConfiguration>
<Metrics>
<EventThreshold>
<Minutes>integer
</Minutes>
</EventThreshold>
<Status>string
</Status>
</Metrics>
<ReplicationTime>
<Status>string
</Status>
<Time>
<Minutes>integer
</Minutes>
</Time>
</ReplicationTime>
<StorageClass>string
</StorageClass>
</Destination>
<ExistingObjectReplication>
<Status>string
</Status>
</ExistingObjectReplication>
<Filter>
<And>
<Prefix>string
</Prefix>
<Tag>
<Key>string
</Key>
<Value>string
</Value>
</Tag>
...
</And>
<Prefix>string
</Prefix>
<Tag>
<Key>string
</Key>
<Value>string
</Value>
</Tag>
</Filter>
<ID>string
</ID>
<Prefix>string
</Prefix>
<Priority>integer
</Priority>
<SourceSelectionCriteria>
<ReplicaModifications>
<Status>string
</Status>
</ReplicaModifications>
<SseKmsEncryptedObjects>
<Status>string
</Status>
</SseKmsEncryptedObjects>
</SourceSelectionCriteria>
<Status>string
</Status>
</Rule>
...
</ReplicationConfiguration>
URI Request Parameters
The request uses the following URI parameters.
- Bucket
-
The name of the bucket
Required: Yes
- Content-MD5
-
The base64-encoded 128-bit MD5 digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see RFC 1864
. For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically.
- x-amz-bucket-object-lock-token
-
A token to allow Object Lock to be enabled for an existing bucket.
- x-amz-expected-bucket-owner
-
The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code
403 Forbidden
(access denied). - x-amz-sdk-checksum-algorithm
-
Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding
x-amz-checksum
orx-amz-trailer
header sent. Otherwise, Amazon S3 fails the request with the HTTP status code400 Bad Request
. For more information, see Checking object integrity in the Amazon S3 User Guide.If you provide an individual checksum, Amazon S3 ignores any provided
ChecksumAlgorithm
parameter.Valid Values:
CRC32 | CRC32C | SHA1 | SHA256
Request Body
The request accepts the following data in XML format.
- ReplicationConfiguration
-
Root level tag for the ReplicationConfiguration parameters.
Required: Yes
- Role
-
The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that Amazon S3 assumes when replicating objects. For more information, see How to Set Up Replication in the Amazon S3 User Guide.
Type: String
Required: Yes
- Rule
-
A container for one or more replication rules. A replication configuration must have at least one rule and can contain a maximum of 1,000 rules.
Type: Array of ReplicationRule data types
Required: Yes
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Examples
Sample Request: Add a replication configuration
The following is a sample PUT
request that creates a replication
subresource on the specified bucket and saves the replication configuration in it.
The replication configuration specifies a rule to replicate objects to the
DOC-EXAMPLE-BUCKET
bucket. The rule includes a filter to replicate
only the objects created with the key name prefix TaxDocs and that have two specific
tags.
After you add a replication configuration to your bucket, Amazon S3 assumes the AWS Identity and Access Management (IAM) role specified in the configuration to replicate objects on behalf of the bucket owner. The bucket owner is the AWS account that created the bucket.
Filtering using the <Filter> element is supported in the latest XML configuration. If you are using an earlier version of the XML configuration, you can filter only on key prefix. In that case, you add the <Prefix> element as a child of the <Rule>.
For more examples of replication configuration, see Replication Configuration Overview in the Amazon S3 User Guide.
PUT /?replication HTTP/1.1 Host: examplebucket.s3.<Region>.amazonaws.com Date: Wed, 11 Feb 2015 02:11:21 GMT Content-MD5: q6yJDlIkcBaGGfb3QLY69A== Authorization: authorization string Content-Length: length <ReplicationConfiguration> <Role>arn:aws:iam::35667example:role/CrossRegionReplicationRoleForS3</Role> <Rule> <ID>rule1</ID> <Status>Enabled</Status> <Priority>1</Priority> <DeleteMarkerReplication> <Status>Disabled</Status> </DeleteMarkerReplication> <Filter> <And> <Prefix>TaxDocs</Prefix> <Tag> <Key>key1</Key> <Value>value1</Value> </Tag> <Tag> <Key>key1</Key> <Value>value1</Value> </Tag> </And> </Filter> <Destination> <Bucket>arn:aws:s3:::DOC-EXAMPLE-BUCKET</Bucket> </Destination> </Rule> </ReplicationConfiguration>
Sample Response
This example illustrates one usage of PutBucketReplication.
HTTP/1.1 200 OK x-amz-id-2: r+qR7+nhXtJDDIJ0JJYcd+1j5nM/rUFiiiZ/fNbDOsd3JUE8NWMLNHXmvPfwMpdc x-amz-request-id: 9E26D08072A8EF9E Date: Wed, 11 Feb 2015 02:11:22 GMT Content-Length: 0 Server: AmazonS3
Sample Request: Add a Replication Configuration with Amazon S3 Replication Time Control Enabled
You can use S3 Replication Time Control (S3 RTC) to replicate your data in the same AWS Region or across different AWS Regions in a predictable time frame. S3 RTC replicates 99.99 percent of new objects stored in Amazon S3 within 15 minutes. For more information, see Replicating objects using Replication Time Control.
PUT /?replication HTTP/1.1 Host: examplebucket.s3.<Region>.amazonaws.com Date: Wed, 11 Feb 2015 02:11:21 GMT Content-MD5: q6yJDlIkcBaGGfb3QLY69A== Authorization: authorization string Content-Length: length x-amz-bucket-object-lock-token: Token <?xml version="1.0" encoding="UTF-8"?> <ReplicationConfiguration> <Role>arn:aws:iam::35667example:role/CrossRegionReplicationRoleForS3</Role> <Rule> <ID>rule1</ID> <Status>Enabled</Status> <Priority>1</Priority> <Filter> <And> <Prefix>TaxDocs</Prefix> <Tag> <Key>key1</Key> <Value>value1</Value> </Tag> <Tag> <Key>key1</Key> <Value>value1</Value> </Tag> </And> </Filter> <Destination> <Bucket>arn:aws:s3:::DOC-EXAMPLE-BUCKET</Bucket> <Metrics> <Status>Enabled</Status> <EventThreshold> <Minutes>15</Minutes> </EventThreshold> </Metrics> <ReplicationTime> <Status>Enabled</Status> <Time> <Minutes>15</Minutes> </Time> </ReplicationTime> </Destination> </Rule> </ReplicationConfiguration>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: