S3 replication role actions - AWS Perspective

S3 replication role actions

The IAM role used to perform the replication needs to have the following actions:

s3:ReplicateObject
s3:ReplicateDelete
s3:ReplicateTags
s3:ObjectOwnerOverrideToBucketOwner
s3:ListBucket
s3:GetReplicationConfiguration
s3:GetObjectVersionForReplication
s3:GetObjectVersionAcl
s3:GetObjectVersionTagging
s3:GetObjectRetention
s3:GetObjectLegalHold

To verify the role has the replication role actions:

  1. Copy the role name from the S3 Replication wizard.

  2. Navigate to the IAM Console within the account you are setting up the replication in.

  3. Paste the name of the role into the Search IAM box.

  4. Select the top item from the list. This is the IAM role that will be used.

  5. Under Permissions policies, expand the Managed policy.

  6. Ensure it includes all of the actions listed above.
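
The check in steps 5 and 6 can also be run against the policy JSON instead of by eye, which catches wildcard patterns that only cover part of the list. This is an added example, not code from AWS Perspective; the sample policy is constructed and the helper name `missing_replication_actions` is hypothetical. It compares `Action` patterns in `Allow` and `Deny` statements only and does not evaluate `Resource`, `Condition` or `NotAction`.

```python
import fnmatch

# Actions the page lists for the replication role.
REQUIRED_ACTIONS = [
    "s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags",
    "s3:ObjectOwnerOverrideToBucketOwner", "s3:ListBucket",
    "s3:GetReplicationConfiguration", "s3:GetObjectVersionForReplication",
    "s3:GetObjectVersionAcl", "s3:GetObjectVersionTagging",
    "s3:GetObjectRetention", "s3:GetObjectLegalHold",
]

def _as_list(value):
    """IAM lets Statement and Action be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def _matches(action, patterns):
    """Action names are case-insensitive; '*' and '?' are wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_replication_actions(policy_documents):
    """Return required actions not allowed (or explicitly denied) by the policies.

    Hypothetical helper. Compares Action patterns only: Resource, Condition
    and NotAction are not evaluated, so treat a clean result as necessary,
    not sufficient.
    """
    allowed, denied = [], []
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            target = allowed if stmt.get("Effect") == "Allow" else denied
            target.extend(_as_list(stmt.get("Action")))
    return [a for a in REQUIRED_ACTIONS
            if not _matches(a, allowed) or _matches(a, denied)]

# Constructed sample: a role policy that omits three of the listed actions.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:Replicate*", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["s3:ListBucket", "s3:GetReplicationConfiguration",
                    "s3:getobjectversion*"]},
    ],
}

if __name__ == "__main__":
    for action in missing_replication_actions([SAMPLE_POLICY]):
        print("missing:", action)
```

Pass every policy document attached to the role in one list, since the required actions may be split across several policies.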