Cross-region replication is a bucket-level feature that enables automatic, asynchronous
copying of objects across buckets in different AWS regions. To activate this feature, you add a
replication configuration to your source bucket. In the configuration, you
provide information such as the destination bucket where you want objects replicated to. You can
request Amazon S3 to replicate all or a subset of objects with specific key name prefixes. For
example, you can configure cross-region replication to replicate only objects with the key name
Tax/. This causes Amazon S3 to replicate objects with a key such as
Tax/doc2, but not an object with the key
The object replicas in the destination bucket are exact replicas of the objects in the source bucket. They have the same key names and the same metadata—for example, creation time, owner, user-defined metadata, version ID, ACL, and storage class (assuming you did not explicitly specify different storage class for object replicas in the replication configuration). Amazon S3 encrypts all data in transit across AWS regions using SSL. You can also optionally specify storage class to use when Amazon S3 creates object replicas (if you don't specify this Amazon S3 assume storage class of the source object).
You might configure cross-region replication on a bucket for various reasons, including these:
Compliance requirements – Although, by default, Amazon S3 stores your data across multiple geographically distant Availability Zones, compliance requirements might dictate that you store data at even further distances. Cross-region replication allows you to replicate data between distant AWS regions to satisfy these compliance requirements.
Minimize latency – Your customers are in two geographic locations. To minimize latency in accessing objects, you can maintain object copies in AWS regions that are geographically closer to your users.
Operational reasons – You have compute clusters in two different regions that analyze the same set of objects. You might choose to maintain object copies in those regions.
Optionally, if you have cost considerations, you can direct Amazon S3 to use the STANDARD_IA storage class for object replicas. For more information about cost considerations, see Amazon S3 Pricing.
Requirements for cross-region replication:
The source and destination buckets must be versioning-enabled. For more information about versioning, see Using Versioning.
The source and destination buckets must be in different AWS regions. For a list of AWS regions where you can create a bucket, see Regions and Endpoints in the AWS General Reference.
You can replicate objects from a source bucket to only one destination bucket.
Amazon S3 must have permission to replicate objects from that source bucket to the destination bucket on your behalf.
You can grant these permissions by creating an IAM role that Amazon S3 can assume. You must grant this role permissions for Amazon S3 actions so that when Amazon S3 assumes this role, it can perform replication tasks. For more information about IAM roles, see Create an IAM Role.
If the source bucket owner also owns the object, the bucket owner has full permissions to replicate the object. If not, the source bucket owner must have permission for the Amazon S3 actions
s3:GetObjectVersionACLto read the object and object ACL. For more information about Amazon S3 actions, see Specifying Permissions in a Policy. For more information about resources and ownership, see Amazon S3 Resources.
If you are setting up cross-region replication in a cross-account scenario (where the source and destination buckets are owned by different AWS accounts), the source bucket owner must have permission to replicate objects in the destination bucket.
The destination bucket owner needs to grant these permissions via a bucket policy. For an example, see Walkthrough 2: Configure Cross-Region Replication Where Source and Destination Buckets Are Owned by Different AWS Accounts.