Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . s3api ]

put-bucket-replication

Description

Creates a replication configuration or replaces an existing one. For more information, see Replication in the Amazon S3 Developer Guide .

Note

To perform this operation, the user or role performing the operation must have the iam:PassRole permission.

Specify the replication configuration in the request body. In the replication configuration, you provide the name of the destination bucket where you want Amazon S3 to replicate objects, the IAM role that Amazon S3 can assume to replicate objects on your behalf, and other relevant information.

A replication configuration must include at least one rule, and can contain a maximum of 1,000. Each rule identifies a subset of objects to replicate by filtering the objects in the source bucket. To choose additional subsets of objects to replicate, add a rule for each subset. All rules must specify the same destination bucket.

To specify a subset of the objects in the source bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication , Status , and Priority .

For information about enabling versioning on a bucket, see Using Versioning .

By default, a resource owner, in this case the AWS account that created the bucket, can perform this operation. The resource owner can also grant others permissions to perform the operation. For more information about permissions, see Specifying Permissions in a Policy and Managing Access Permissions to Your Amazon S3 Resources .

Handling Replication of Encrypted Objects

By default, Amazon S3 doesn't replicate objects that are stored at rest using server-side encryption with CMKs stored in AWS KMS. To replicate AWS KMS-encrypted objects, add the following: SourceSelectionCriteria , SseKmsEncryptedObjects , Status , EncryptionConfiguration , and ReplicaKmsKeyID . For information about replication configuration, see Replicating Objects Created with SSE Using CMKs stored in AWS KMS .

For information on PutBucketReplication errors, see ReplicationErrorCodeList

The following operations are related to PutBucketReplication :

  • GetBucketReplication
  • DeleteBucketReplication

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  put-bucket-replication
--bucket <value>
[--content-md5 <value>]
--replication-configuration <value>
[--token <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--bucket (string)

The name of the bucket

--content-md5 (string)

The base64-encoded 128-bit MD5 digest of the data. You must use this header as a message integrity check to verify that the request body was not corrupted in transit. For more information, see RFC 1864 .

--replication-configuration (structure)

A container for replication rules. You can add up to 1,000 rules. The maximum size of a replication configuration is 2 MB.

JSON Syntax:

{
  "Role": "string",
  "Rules": [
    {
      "ID": "string",
      "Priority": integer,
      "Prefix": "string",
      "Filter": {
        "Prefix": "string",
        "Tag": {
          "Key": "string",
          "Value": "string"
        },
        "And": {
          "Prefix": "string",
          "Tags": [
            {
              "Key": "string",
              "Value": "string"
            }
            ...
          ]
        }
      },
      "Status": "Enabled"|"Disabled",
      "SourceSelectionCriteria": {
        "SseKmsEncryptedObjects": {
          "Status": "Enabled"|"Disabled"
        }
      },
      "ExistingObjectReplication": {
        "Status": "Enabled"|"Disabled"
      },
      "Destination": {
        "Bucket": "string",
        "Account": "string",
        "StorageClass": "STANDARD"|"REDUCED_REDUNDANCY"|"STANDARD_IA"|"ONEZONE_IA"|"INTELLIGENT_TIERING"|"GLACIER"|"DEEP_ARCHIVE",
        "AccessControlTranslation": {
          "Owner": "Destination"
        },
        "EncryptionConfiguration": {
          "ReplicaKmsKeyID": "string"
        },
        "ReplicationTime": {
          "Status": "Enabled"|"Disabled",
          "Time": {
            "Minutes": integer
          }
        },
        "Metrics": {
          "Status": "Enabled"|"Disabled",
          "EventThreshold": {
            "Minutes": integer
          }
        }
      },
      "DeleteMarkerReplication": {
        "Status": "Enabled"|"Disabled"
      }
    }
    ...
  ]
}

--token (string)

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Examples

To configure replication for an S3 bucket

The following put-bucket-replication example applies a replication configuration to the specified S3 bucket.

aws s3api put-bucket-replication \
    --bucket my-bucket \
    --replication-configuration file://replication.json

Contents of replication.json:

{
    "Role": "arn:aws:iam::123456789012:role/s3-replication-role",
    "Rules": [
        {
            "Status": "Enabled",
            "Priority": 1,
            "DeleteMarkerReplication": { "Status": "Disabled" },
            "Filter" : { "Prefix": ""},
            "Destination": {
                "Bucket": "arn:aws:s3:::my-bucket-backup"
            }
        }
    ]
}

The destination bucket must be in a different region and have versioning enabled. The specified role must have permission to write to the destination bucket and have a trust relationship that allows Amazon S3 to assume the role.

Example role permission policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}

Example trust relationship policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Output

None