DEV Community

GargeeBhatnagar for AWS Community Builders

Replication of S3 Objects from Source Region Encrypted Bucket to Destination Region Encrypted Bucket

“I have checked the ways of AWS to do replication of encrypted S3 buckets across Regions. Pricing of S3 buckets is as per storage size and KMS as per key.”

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can replicate objects to a single destination bucket or to multiple destination buckets. The destination buckets can be in different AWS Regions or within the same Region as the source bucket.

In this post, you will learn how to replicate S3 objects from an encrypted bucket in a source Region to an encrypted bucket in a destination Region. Here I have created S3 buckets, KMS keys and an IAM role with a policy.

Architecture Overview

The architecture diagram shows the overall deployment architecture with data flow, Amazon S3, the IAM role and AWS KMS.

Solution overview

The blog post consists of the following phases:

  1. Create S3 Buckets with Versioning Enabled and Encryption Keys on the Buckets
  2. Create the IAM Role and Policy with a Replication Rule
  3. Output: Objects Replicated from the Source Region Bucket to the Destination Region Bucket

Phase 1: Create S3 Buckets with Versioning Enabled and Encryption Keys on the Buckets

  1. Open the S3 console and create two buckets with versioning enabled. Also create two customer managed keys in the KMS console and encrypt both buckets with those keys using SSE-KMS.


Phase 2: Create the IAM Role and Policy with a Replication Rule

  1. Open the IAM console and create a policy for replication of S3 bucket objects. Also create a role and attach the policy to it. Then create a replication rule on the source bucket with the required configuration and attach the IAM role to it.
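
The policy and replication rule from this phase, written out as Python that emits the JSON documents and checks the policy for over-broad grants. This is an added example, not taken from the original post: the bucket names, account ID, key ARNs and role name are constructed placeholders, the Region direction (N. Virginia to Oregon) is an assumption, and the encryption-context condition assumes S3 Bucket Keys are not enabled on either bucket.

```python
import json

# Constructed placeholders, not values from the post: account ID, bucket names, key IDs,
# role name. Assumes N. Virginia (us-east-1) is the source and Oregon (us-west-2) the target.
SRC = {"bucket": "example-src-bucket", "region": "us-east-1",
       "key": "arn:aws:kms:us-east-1:111122223333:key/SOURCE-KEY-ID"}
DST = {"bucket": "example-dst-bucket", "region": "us-west-2",
       "key": "arn:aws:kms:us-west-2:111122223333:key/DEST-KEY-ID"}
ROLE_ARN = "arn:aws:iam::111122223333:role/example-s3-replication-role"

def arn(side, objects=False):
    return f"arn:aws:s3:::{side['bucket']}" + ("/*" if objects else "")

def kms_stmt(action, side):  # one key, only via S3, only for this bucket's objects
    return {"Effect": "Allow", "Action": [action], "Resource": [side["key"]],
            "Condition": {"StringLike": {
                "kms:ViaService": f"s3.{side['region']}.amazonaws.com",
                "kms:EncryptionContext:aws:s3:arn": [arn(side, True)]}}}

def replication_policy():  # permissions policy for the replication role
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": [arn(SRC)],
         "Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"]},
        {"Effect": "Allow", "Resource": [arn(SRC, True)],
         "Action": ["s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl",
                    "s3:GetObjectVersionTagging"]},
        {"Effect": "Allow", "Resource": [arn(DST, True)],
         "Action": ["s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags"]},
        kms_stmt("kms:Decrypt", SRC), kms_stmt("kms:Encrypt", DST)]}

def replication_config():  # PutBucketReplication body for the source bucket
    return {"Role": ROLE_ARN, "Rules": [{
        "ID": "sse-kms-crr", "Status": "Enabled", "Priority": 1, "Filter": {},
        "DeleteMarkerReplication": {"Status": "Disabled"},
        "SourceSelectionCriteria": {"SseKmsEncryptedObjects": {"Status": "Enabled"}},
        "Destination": {"Bucket": arn(DST),
                        "EncryptionConfiguration": {"ReplicaKmsKeyID": DST["key"]}}}]}

def findings(policy):  # flag bare "*" resources, wildcard actions, unconditioned KMS
    out = []
    for i, s in enumerate(policy["Statement"]):
        if "*" in s["Resource"] or any("*" in a for a in s["Action"]):
            out.append(f"statement {i}: wildcard action or resource")
        if any(a.startswith("kms:") for a in s["Action"]) and "Condition" not in s:
            out.append(f"statement {i}: KMS permission without a condition")
    return out

if __name__ == "__main__":
    print(json.dumps([replication_policy(), replication_config()], indent=2))
```

The role also needs a trust policy that lets the `s3.amazonaws.com` service principal call `sts:AssumeRole`.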


Phase 3: Output: Objects Replicated from the Source Region Bucket to the Destination Region Bucket


Clean-up

Delete the S3 buckets, customer managed keys, IAM role and IAM policy.

Pricing

I review the pricing and estimated cost of this example.

Cost of S3 in N. Virginia = $0.66

Cost of S3 in Oregon = $0.232

Cost of Key Management Service in N. Virginia = $0.001

Cost of Key Management Service in Oregon = $0.00

Total Cost = $0.893

Summary

In this post, I showed “replication of S3 objects from source region encrypted bucket to destination region encrypted bucket”.

For more details on IAM, check out Get started IAM and open the IAM console. To learn more, read the IAM documentation.

For more details on Key Management Service, check out Get started Key Management Service and open the Key Management Service console. To learn more, read the Key Management Service documentation.

Thanks for reading!

Connect with me: LinkedIn