AWS Services:

Amazon Simple Storage Service (S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, and enterprise applications. S3 is designed for 99.999999999% (11 9's) of durability, and stores data for millions of applications for companies all around the world.

Description:

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. Objects may be replicated to a single destination bucket or multiple destination buckets. Destination buckets can be in different AWS Regions or within the same Region as the source bucket.

Why use replication

  • Replicate objects while retaining metadata

  • Replicate objects into different storage classes

  • Maintain object copies under different ownership

  • Keep objects stored over multiple AWS Regions

  • Replicate objects within 15 minutes

Affected Service Dependencies:

  • S3 Bucket

Pre-requisites:

  • An IAM role with all the permissions required for replication

  • KMS keys for encryption

Remediation Plan:

Current Status: (Check whether your S3 bucket has a replication rule)

  1. Sign in to the AWS Management Console

  2. Go to the Amazon S3 console at https://console.aws.amazon.com/s3/

  3. In the bucket list, click the name of the bucket you want to examine

  4. Select the Management tab and check whether any replication rule exists under the Replication rule section

Implementation Steps:

  1. Sign in to the AWS Management Console

  2. Go to the Amazon S3 console at https://console.aws.amazon.com/s3/

  3. In the bucket list, click the name of the bucket for which you want to create a replication rule

  4. Select the Management tab and click Create replication rule

  5. Enter a name for the replication rule and choose whether the rule will be enabled or disabled when created

  6. Choose a rule scope for the objects in the source bucket

  7. Choose the destination bucket; it may be in the same account or in a different account

  8. S3 needs permissions to read and replicate objects from the source bucket. You grant these permissions by creating an IAM role

  9. Optionally, encrypt the data using keys as per your security requirements

  10. Choose the destination storage class, such as Glacier or Glacier Deep Archive, from the options available

  11. Select any of the additional replication options that you require

  12. Review the details you entered and click the Save button

Status after Implementation:

Follow the steps in the Current Status section; a replication rule now exists for the bucket you chose.
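The same status check can be scripted. The Python below is an added example, not part of the original runbook: it audits the JSON document that `aws s3api get-bucket-replication --bucket <name>` returns. The sample document, the bucket, role and key ARNs, and the function name audit_replication are constructed for this example.

```python
import json

# Constructed sample shaped like the output of
# `aws s3api get-bucket-replication --bucket <name>`; every ARN is a placeholder.
SAMPLE = json.loads("""
{"ReplicationConfiguration": {
  "Role": "arn:aws:iam::111122223333:role/example-replication-role",
  "Rules": [
    {"ID": "to-dr-region", "Priority": 1, "Status": "Enabled", "Filter": {},
     "SourceSelectionCriteria": {"SseKmsEncryptedObjects": {"Status": "Enabled"}},
     "DeleteMarkerReplication": {"Status": "Disabled"},
     "Destination": {
       "Bucket": "arn:aws:s3:::example-destination-bucket",
       "StorageClass": "GLACIER",
       "EncryptionConfiguration": {"ReplicaKmsKeyID":
         "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"}}},
    {"ID": "logs-copy", "Priority": 2, "Status": "Disabled", "Filter": {"Prefix": "logs/"},
     "Destination": {"Bucket": "arn:aws:s3:::example-logs-bucket"}}
  ]}}
""")


def audit_replication(response):
    """Return findings for one response; an empty list means nothing to fix.
    S3 answers with an error, not a document, when a bucket has no
    replication configuration; pass {} for that case."""
    rules = (response.get("ReplicationConfiguration") or {}).get("Rules") or []
    if not rules:
        return ["no replication rule configured"]
    findings = []
    for rule in rules:
        rid = rule.get("ID", "<no id>")
        if rule.get("Status") != "Enabled":
            findings.append(f"{rid}: rule is Disabled, nothing is copied")
            continue
        dest = rule.get("Destination") or {}
        # SSE-KMS encrypted objects are replicated only when the rule opts in.
        kms = (rule.get("SourceSelectionCriteria") or {}).get("SseKmsEncryptedObjects") or {}
        if kms.get("Status") != "Enabled":
            findings.append(f"{rid}: SSE-KMS encrypted objects are skipped")
        elif not (dest.get("EncryptionConfiguration") or {}).get("ReplicaKmsKeyID"):
            findings.append(f"{rid}: no KMS key set for replicas")
    return findings


if __name__ == "__main__":
    for line in audit_replication(SAMPLE) or ["ok"]:
        print(line)
```

On the constructed sample the only finding is the rule that was created disabled (step 5 of the implementation steps allows this), which the console's rule list shows but is easy to overlook.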

Backout Plan:

  1. Sign in to the AWS Management Console

  2. Go to the Amazon S3 console at https://console.aws.amazon.com/s3/

  3. In the bucket list, click the name of the bucket whose replication rule you want to delete

  4. Select the Management tab 

  5. Select the Replication rule you want to delete and click on the delete option

Reference:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-example-walkthroughs.html

https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-add-config.html 
