put-bucket-replication

Creates a replication configuration or replaces an existing one. For more information, see Cross-Region Replication (CRR) in the Amazon S3 Developer Guide.

See also: PUT Bucket Replication.

Warning

Cross-region replication is not supported on buckets with object lock enabled.

Synopsis

put-bucket-replication
  --bucket <value>
  [--content-md5 <value>]
  --replication-configuration <value>
  [--token <value>]
  [--cli-input-json <value>]

Options

--bucket (string)

--content-md5 (string)

The base64-encoded 128-bit MD5 digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit.

--replication-configuration (structure)

JSON Syntax:

{
  "Role": "string",
  "Rules": [
    {
      "ID": "string",
      "Priority": integer,
      "Prefix": "string",
      "Filter": {
        "Prefix": "string",
        "Tag": {
          "Key": "string",
          "Value": "string"
        },
        "And": {
          "Prefix": "string",
          "Tags": [
            {
              "Key": "string",
              "Value": "string"
            }
            ...
          ]
        }
      },
      "Status": "Enabled"|"Disabled",
      "SourceSelectionCriteria": {
        "SseKmsEncryptedObjects": {
          "Status": "Enabled"|"Disabled"
        }
      },
      "Destination": {
        "Bucket": "string",
        "Account": "string",
        "StorageClass": "STANDARD"
        "AccessControlTranslation": {
          "Owner": "Destination"
        },
        "EncryptionConfiguration": {
          "ReplicaKmsKeyID": "string"
        }
      },
      "DeleteMarkerReplication": {
        "Status": "Enabled"|"Disabled"
      }
    }
    ...
  ]
}

--token (string)

A token that allows Amazon S3 object lock to be enabled for an existing bucket.

--cli-input-json (string)

Operates a service or services based on the provided JSON string. If other arguments are provided on the command line, the CLI values override the JSON-provided values. You cannot pass arbitrary binary values using a JSON-provided value, because the string is taken literally.

Examples

To configure replication for an S3 bucket

The following put-bucket-replication example applies a replication configuration to the specified S3 bucket.

$ aws s3api put-bucket-replication \
    --bucket my-bucket \
    --replication-configuration file://replication.json

Contents of replication.json:

{
    "Role": "arn:aws:iam::123456789012:role/s3-replication-role",
    "Rules": [
        {
            "Status": "Enabled",
            "Priority": 1,
            "DeleteMarkerReplication": { "Status": "Disabled" },
            "Filter" : { "Prefix": ""},
            "Destination": {
                "Bucket": "arn:aws:s3:::my-bucket-backup"
            }
        }
    ]
}

The destination bucket must be in a different region and have versioning enabled. The specified role must have permission to write to the destination bucket and have a trust relationship that allows Zenko to assume the role.

Example role permission policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

Example trust relationship policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.example.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Output

None