AWS Services:
Amazon Simple Storage Service (S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, and enterprise applications. S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.
Description:
Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. Objects may be replicated to a single destination bucket or multiple destination buckets. Destination buckets can be in different AWS Regions or within the same Region as the source bucket.
Why use replication
Replicate objects while retaining metadata
Replicate objects into different storage classes
Maintain object copies under different ownership
Keep objects stored over multiple AWS Regions
Replicate objects within 15 minutes
Affected Service Dependencies:
S3 Bucket
Pre-requisites:
An IAM role with all the permissions required for replication
KMS keys for encryption
Remediation Plan:
Current Status: (Check whether your S3 bucket has a Replication rule)
Sign in to the AWS Management Console
Go to the Amazon S3 console at https://console.aws.amazon.com/s3/
In the bucket list, click the name of the bucket you want to examine
Select the Management tab and check whether any replication rule exists under the Replication rule section
Implementation Steps:
Sign in to the AWS Management Console
Go to the Amazon S3 console at https://console.aws.amazon.com/s3/
In the bucket list, click the name of the bucket for which you want to create a Replication rule
Select the Management tab and click Create Replication rule
Give the replication rule a name and choose whether the rule will be enabled or disabled when created
Choose a rule scope for the objects in the source bucket
Choose the destination bucket; it may be in the same account or in a different account
S3 needs permissions to read and replicate objects from the source bucket. You grant these permissions by creating an IAM role
You can encrypt the data using keys, as per your security requirements
Choose the destination storage class, such as Glacier or Glacier Deep Archive, from the options available
Select any of the additional replication options that your requirements call for
Recheck the details you filled in and click the Save button
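The same settings as data, as an added example that is not part of the original runbook: the trust and permissions policies for the replication role, the rule document with storage class and optional KMS re-encryption, and the "Current Status" check. Bucket names, the account ID, the role name and the function names are constructed placeholders.

```python
import json

def replication_role_policies(source_bucket, dest_bucket):
    """Trust and permissions policies for the IAM role S3 assumes to replicate."""
    src, dst = f"arn:aws:s3:::{source_bucket}", f"arn:aws:s3:::{dest_bucket}"
    trust = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "sts:AssumeRole"}]}
    permissions = {"Version": "2012-10-17", "Statement": [
        # Read the replication configuration and list the source bucket.
        {"Effect": "Allow", "Resource": src,
         "Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"]},
        # Read source object versions together with their ACLs and tags.
        {"Effect": "Allow", "Resource": f"{src}/*",
         "Action": ["s3:GetObjectVersionForReplication",
                    "s3:GetObjectVersionAcl", "s3:GetObjectVersionTagging"]},
        # Write replicas into the destination bucket only.
        {"Effect": "Allow", "Resource": f"{dst}/*",
         "Action": ["s3:ReplicateObject", "s3:ReplicateDelete",
                    "s3:ReplicateTags"]}]}
    # With KMS the role also needs kms:Decrypt on the source key and
    # kms:Encrypt on the replica key; those statements are left out here.
    return trust, permissions

def replication_config(role_arn, dest_bucket, rule_id, storage_class="GLACIER",
                       replica_kms_key_arn=None, prefix=""):
    """Rule document in the shape S3 stores it; an empty prefix covers every object."""
    destination = {"Bucket": f"arn:aws:s3:::{dest_bucket}",
                   "StorageClass": storage_class}
    rule = {"ID": rule_id, "Status": "Enabled", "Priority": 1,
            "Filter": {"Prefix": prefix},
            "DeleteMarkerReplication": {"Status": "Disabled"},
            "Destination": destination}
    if replica_kms_key_arn:
        # Re-encrypt replicas under the destination key and opt in to
        # replicating objects that are SSE-KMS encrypted at the source.
        destination["EncryptionConfiguration"] = {"ReplicaKmsKeyID": replica_kms_key_arn}
        rule["SourceSelectionCriteria"] = {"SseKmsEncryptedObjects": {"Status": "Enabled"}}
    return {"Role": role_arn, "Rules": [rule]}

def enabled_rule_ids(config):
    """The 'Current Status' check: IDs of rules that are present and enabled."""
    return [r["ID"] for r in config.get("Rules", []) if r.get("Status") == "Enabled"]

if __name__ == "__main__":
    # Constructed sample values: bucket names, account ID and role name are placeholders.
    trust, perms = replication_role_policies("example-source", "example-replica")
    cfg = replication_config("arn:aws:iam::111122223333:role/example-replication",
                             "example-replica", "replicate-all")
    print(json.dumps({"trust": trust, "permissions": perms, "replication": cfg}, indent=2))
    print("enabled rules:", enabled_rule_ids(cfg))
```

The dictionary returned by replication_config has the shape boto3's put_bucket_replication accepts as ReplicationConfiguration and get_bucket_replication returns. S3 only accepts a replication configuration when versioning is enabled on both the source and destination buckets.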
Status after Implementation:
Follow the steps in the Current Status section; you should see that a Replication rule exists for the bucket you chose.
Backout Plan:
Sign in to the AWS Management Console
Go to the Amazon S3 console at https://console.aws.amazon.com/s3/
In the bucket list, click the name of the bucket whose Replication rule you want to delete
Select the Management tab
Select the Replication rule you want to delete and click on the delete option
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-example-walkthroughs.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html