Types of object replication
You can replicate objects between different AWS Regions or within the same AWS Region.
- Cross-Region replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions.
- Same-Region replication (SRR) is used to copy objects across Amazon S3 buckets in the same AWS Region.
When to use CRR
Cross-Region replication can help you do the following:
- Meet compliance requirements — Although Amazon S3 stores your data across multiple geographically distant Availability Zones by default, compliance requirements might dictate that you store data at even greater distances. Cross-Region replication allows you to replicate data between distant AWS Regions to satisfy these requirements.
- Minimize latency — If your customers are in two geographic locations, you can minimize latency in accessing objects by maintaining object copies in AWS Regions that are geographically closer to your users.
- Increase operational efficiency — If you have compute clusters in two different AWS Regions that analyze the same set of objects, you might choose to maintain object copies in those Regions.
When to use SRR
Same-Region replication can help you do the following:
- Aggregate logs into a single bucket — If you store logs in multiple buckets or across multiple accounts, you can easily replicate logs into a single, in-Region bucket. This allows for simpler processing of logs in a single location.
- Configure live replication between production and test accounts — If you or your customers have production and test accounts that use the same data, you can replicate objects between those multiple accounts, while maintaining
object metadata, by implementing SRR rules.
- Abide by data sovereignty laws — You might be required to store multiple copies of your data in separate AWS accounts within a certain Region. Same-Region replication can help you automatically replicate critical data when compliance regulations don’t allow the data to leave your country.
What is replicated?
By default Amazon S3 replicates the following:
- Objects created after you add a replication configuration.
- Unencrypted objects.
- Objects encrypted at rest under Amazon S3 managed keys (SSE-S3) or customer master keys (CMKs) stored in AWS Key Management Service (SSE-KMS). To replicate objects encrypted with CMKs stored in AWS KMS, you must explicitly enable the option. The replicated copy of the object is encrypted using the same type of server-side encryption that was used for the source object.
- Object metadata.
- Only objects in the source bucket for which the bucket owner has permissions to read objects and access control lists (ACLs).
- Object ACL updates, unless you direct Amazon S3 to change the replica ownership when source and destination buckets aren’t owned by the same accounts. It can take a while until Amazon S3 can bring the two ACLs in sync. This applies only to objects created after you add a replication configuration to the bucket.
- Object tags, if there are any.
- S3 Object Lock retention information, if there is any. When Amazon S3 replicates objects that have retention information applied, it applies those same retention controls to your replicas, overriding the default retention period configured on your destination bucket. If you don’t have retention controls applied to the objects in your source bucket, and you replicate into a destination bucket that has a default retention period set, the destination bucket’s default retention period is applied to your object replicas. For more information, see Locking objects using S3 Object Lock.