s3_put_bucket_replication: Creates a replication configuration or replaces an existing one

Description

Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 Developer Guide.

To perform this operation, the user or role performing the operation must have the iam:PassRole permission.

Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket or buckets where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information.

A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication, Status, and Priority.

If you are using an earlier version of the replication configuration, Amazon S3 handles replication of delete markers differently. For more information, see Backward Compatibility.

For information about enabling versioning on a bucket, see Using Versioning.

By default, a resource owner, in this case the AWS account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources.

Handling Replication of Encrypted Objects

By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with CMKs stored in AWS KMS. To replicate AWS KMS-encrypted objects, add the following: SourceSelectionCriteria, SseKmsEncryptedObjects, Status, EncryptionConfiguration, and ReplicaKmsKeyID. For information about replication configuration, see Replicating Objects Created with SSE Using CMKs stored in AWS KMS.

For information on put_bucket_replication errors, see List of replication-related error codes

The following operations are related to put_bucket_replication:

get_bucket_replication
delete_bucket_replication

Usage

s3_put_bucket_replication(Bucket, ContentMD5, ReplicationConfiguration,
  Token, ExpectedBucketOwner)

Value

An empty list.

Arguments

Bucket

[required] The name of the bucket

ContentMD5

The base64-encoded 128-bit MD5 digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see RFC 1864.

For requests made using the AWS Command Line Interface (CLI) or AWS SDKs, this field is calculated automatically.

ReplicationConfiguration

[required]

Token

A token to allow Object Lock to be enabled for an existing bucket.

ExpectedBucketOwner

The account id of the expected bucket owner. If the bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.

Request syntax

svc$put_bucket_replication(
  Bucket = "string",
  ContentMD5 = "string",
  ReplicationConfiguration = list(
    Role = "string",
    Rules = list(
      list(
        ID = "string",
        Priority = 123,
        Prefix = "string",
        Filter = list(
          Prefix = "string",
          Tag = list(
            Key = "string",
            Value = "string"
          ),
          And = list(
            Prefix = "string",
            Tags = list(
              list(
                Key = "string",
                Value = "string"
              )
            )
          )
        ),
        Status = "Enabled"|"Disabled",
        SourceSelectionCriteria = list(
          SseKmsEncryptedObjects = list(
            Status = "Enabled"|"Disabled"
          ),
          ReplicaModifications = list(
            Status = "Enabled"|"Disabled"
          )
        ),
        ExistingObjectReplication = list(
          Status = "Enabled"|"Disabled"
        ),
        Destination = list(
          Bucket = "string",
          Account = "string",
          StorageClass = "STANDARD"|"REDUCED_REDUNDANCY"|"STANDARD_IA"|"ONEZONE_IA"|"INTELLIGENT_TIERING"|"GLACIER"|"DEEP_ARCHIVE"|"OUTPOSTS",
          AccessControlTranslation = list(
            Owner = "Destination"
          ),
          EncryptionConfiguration = list(
            ReplicaKmsKeyID = "string"
          ),
          ReplicationTime = list(
            Status = "Enabled"|"Disabled",
            Time = list(
              Minutes = 123
            )
          ),
          Metrics = list(
            Status = "Enabled"|"Disabled",
            EventThreshold = list(
              Minutes = 123
            )
          )
        ),
        DeleteMarkerReplication = list(
          Status = "Enabled"|"Disabled"
        )
      )
    )
  ),
  Token = "string",
  ExpectedBucketOwner = "string"
)

Examples

Run this code

if (FALSE) {
# The following example sets replication configuration on a bucket.
svc$put_bucket_replication(
  Bucket = "examplebucket",
  ReplicationConfiguration = list(
    Role = "arn:aws:iam::123456789012:role/examplerole",
    Rules = list(
      list(
        Destination = list(
          Bucket = "arn:aws:s3:::destinationbucket",
          StorageClass = "STANDARD"
        ),
        Prefix = "",
        Status = "Enabled"
      )
    )
  )
)
}

Run the code above in your browser using DataLab