AWS CLI Command Reference

[ aws . s3control ]

put-bucket-replication

Description

Note

This action creates an Amazon S3 on Outposts bucket’s replication configuration. To create an S3 bucket’s replication configuration, see PutBucketReplication in the Amazon S3 API Reference .

Creates a replication configuration or replaces an existing one. For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide .

Note

It can take a while to propagate PUT or DELETE requests for a replication configuration to all S3 on Outposts systems. Therefore, the replication configuration that’s returned by a GET request soon after a PUT or DELETE request might return a more recent result than what’s on the Outpost. If an Outpost is offline, the delay in updating the replication configuration on that Outpost can be significant.

Specify the replication configuration in the request body. In the replication configuration, you provide the following information:

  • The name of the destination bucket or buckets where you want S3 on Outposts to replicate objects
  • The Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on your behalf
  • Other relevant information, such as replication rules

A replication configuration must include at least one rule and can contain a maximum of 100. Each rule identifies a subset of objects to replicate by filtering the objects in the source Outposts bucket. To choose additional subsets of objects to replicate, add a rule for each subset.

To specify a subset of the objects in the source Outposts bucket to apply a replication rule to, add the Filter element as a child of the Rule element. You can filter objects based on an object key prefix, one or more object tags, or both. When you add the Filter element in the configuration, you must also add the following elements: DeleteMarkerReplication , Status , and Priority .

Using PutBucketReplication on Outposts requires that both the source and destination buckets must have versioning enabled. For information about enabling versioning on a bucket, see Managing S3 Versioning for your S3 on Outposts bucket .

For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide .

Handling Replication of Encrypted Objects

Outposts buckets are encrypted at all times. All the objects in the source Outposts bucket are encrypted and can be replicated. Also, all the replicas in the destination Outposts bucket are encrypted with the same encryption key as the objects in the source Outposts bucket.

Permissions

To create a PutBucketReplication request, you must have s3-outposts:PutReplicationConfiguration permissions for the bucket. The Outposts bucket owner has this permission by default and can grant it to others. For more information about permissions, see Setting up IAM with S3 on Outposts and Managing access to S3 on Outposts buckets .

Note

To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. For more information, see Granting a user permissions to pass a role to an Amazon Web Services service .

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control . For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.

The following operations are related to PutBucketReplication :

See also: AWS API Documentation

Synopsis

  put-bucket-replication
--account-id <value>
--bucket <value>
--replication-configuration <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Options

--account-id (string)

The Amazon Web Services account ID of the Outposts bucket.

--bucket (string)

Specifies the S3 on Outposts bucket to set the configuration for.

For using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.

For using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/bucket/<my-bucket-name> . For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2 , use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports . The value must be URL encoded.

--replication-configuration (structure)

Role -> (string)

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that S3 on Outposts assumes when replicating objects. For information about S3 replication on Outposts configuration, see Setting up replication in the Amazon S3 User Guide .

Rules -> (list)

A container for one or more replication rules. A replication configuration must have at least one rule and can contain an array of 100 rules at the most.

(structure)

Specifies which S3 on Outposts objects to replicate and where to store the replicas.

ID -> (string)

A unique identifier for the rule. The maximum value is 255 characters.

Priority -> (integer)

The priority indicates which rule has precedence whenever two or more replication rules conflict. S3 on Outposts attempts to replicate objects according to all replication rules. However, if there are two or more rules with the same destination Outposts bucket, then objects will be replicated according to the rule with the highest priority. The higher the number, the higher the priority.

For more information, see Creating replication rules on Outposts in the Amazon S3 User Guide .

Prefix -> (string)

An object key name prefix that identifies the object or objects to which the rule applies. The maximum prefix length is 1,024 characters. To include all objects in an Outposts bucket, specify an empty string.

Warning

When you’re using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide .

Filter -> (structure)

A filter that identifies the subset of objects to which the replication rule applies. A Filter element must specify exactly one Prefix , Tag , or And child element.

Prefix -> (string)

An object key name prefix that identifies the subset of objects that the rule applies to.

Warning

When you’re using XML requests, you must replace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. For more information, see XML-related object key constraints in the Amazon S3 User Guide .

Tag -> (structure)

A container for a key-value name pair.

Key -> (string)

Key of the tag

Value -> (string)

Value of the tag

And -> (structure)

A container for specifying rule filters. The filters determine the subset of objects that the rule applies to. This element is required only if you specify more than one filter. For example:

  • If you specify both a Prefix and a Tag filter, wrap these filters in an And element.
  • If you specify a filter based on multiple tags, wrap the Tag elements in an And element.

Prefix -> (string)

An object key name prefix that identifies the subset of objects that the rule applies to.

Tags -> (list)

An array of tags that contain key and value pairs.

(structure)

A container for a key-value name pair.

Key -> (string)

Key of the tag

Value -> (string)

Value of the tag

Status -> (string)

Specifies whether the rule is enabled.

SourceSelectionCriteria -> (structure)

A container that describes additional filters for identifying the source Outposts objects that you want to replicate. You can choose to enable or disable the replication of these objects.

SseKmsEncryptedObjects -> (structure)

A filter that you can use to select Amazon S3 objects that are encrypted with server-side encryption by using Key Management Service (KMS) keys. If you include SourceSelectionCriteria in the replication configuration, this element is required.

Note

This is not supported by Amazon S3 on Outposts buckets.

Status -> (string)

Specifies whether Amazon S3 replicates objects that are created with server-side encryption by using an KMS key stored in Key Management Service.

ReplicaModifications -> (structure)

A filter that you can use to specify whether replica modification sync is enabled. S3 on Outposts replica modification sync can help you keep object metadata synchronized between replicas and source objects. By default, S3 on Outposts replicates metadata from the source objects to the replicas only. When replica modification sync is enabled, S3 on Outposts replicates metadata changes made to the replica copies back to the source object, making the replication bidirectional.

To replicate object metadata modifications on replicas, you can specify this element and set the Status of this element to Enabled .

Note

You must enable replica modification sync on the source and destination buckets to replicate replica metadata changes between the source and the replicas.

Status -> (string)

Specifies whether S3 on Outposts replicates modifications to object metadata on replicas.

ExistingObjectReplication -> (structure)

An optional configuration to replicate existing source bucket objects.

Note

This is not supported by Amazon S3 on Outposts buckets.

Status -> (string)

Specifies whether Amazon S3 replicates existing source bucket objects.

Destination -> (structure)

A container for information about the replication destination and its configurations.

Account -> (string)

The destination bucket owner’s account ID.

Bucket -> (string)

The Amazon Resource Name (ARN) of the access point for the destination bucket where you want S3 on Outposts to store the replication results.

ReplicationTime -> (structure)

A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. Must be specified together with a Metrics block.

Note

This is not supported by Amazon S3 on Outposts buckets.

Status -> (string)

Specifies whether S3 Replication Time Control (S3 RTC) is enabled.

Time -> (structure)

A container that specifies the time by which replication should be complete for all objects and operations on objects.

Minutes -> (integer)

Contains an integer that specifies the time period in minutes.

Valid value: 15

AccessControlTranslation -> (structure)

Specify this property only in a cross-account scenario (where the source and destination bucket owners are not the same), and you want to change replica ownership to the Amazon Web Services account that owns the destination bucket. If this property is not specified in the replication configuration, the replicas are owned by same Amazon Web Services account that owns the source object.

Note

This is not supported by Amazon S3 on Outposts buckets.

Owner -> (string)

Specifies the replica ownership.

EncryptionConfiguration -> (structure)

A container that provides information about encryption. If SourceSelectionCriteria is specified, you must specify this element.

Note

This is not supported by Amazon S3 on Outposts buckets.

ReplicaKmsKeyID -> (string)

Specifies the ID of the customer managed KMS key that’s stored in Key Management Service (KMS) for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information, see Symmetric encryption KMS keys in the Amazon Web Services Key Management Service Developer Guide .

Metrics -> (structure)

A container that specifies replication metrics-related settings.

Status -> (string)

Specifies whether replication metrics are enabled.

EventThreshold -> (structure)

A container that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event.

Note

This is not supported by Amazon S3 on Outposts buckets.

Minutes -> (integer)

Contains an integer that specifies the time period in minutes.

Valid value: 15

StorageClass -> (string)

The storage class to use when replicating objects. All objects stored on S3 on Outposts are stored in the OUTPOSTS storage class. S3 on Outposts uses the OUTPOSTS storage class to create the object replicas.

Note

Values other than OUTPOSTS aren’t supported by Amazon S3 on Outposts.

DeleteMarkerReplication -> (structure)

Specifies whether S3 on Outposts replicates delete markers. If you specify a Filter element in your replication configuration, you must also include a DeleteMarkerReplication element. If your Filter includes a Tag element, the DeleteMarkerReplication element’s Status child element must be set to Disabled , because S3 on Outposts doesn’t support replicating delete markers for tag-based rules.

For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide .

Status -> (string)

Indicates whether to replicate delete markers.

Bucket -> (string)

The Amazon Resource Name (ARN) of the access point for the source Outposts bucket that you want S3 on Outposts to replicate the objects from.

JSON Syntax:

{
  "Role": "string",
  "Rules": [
    {
      "ID": "string",
      "Priority": integer,
      "Prefix": "string",
      "Filter": {
        "Prefix": "string",
        "Tag": {
          "Key": "string",
          "Value": "string"
        },
        "And": {
          "Prefix": "string",
          "Tags": [
            {
              "Key": "string",
              "Value": "string"
            }
            ...
          ]
        }
      },
      "Status": "Enabled"|"Disabled",
      "SourceSelectionCriteria": {
        "SseKmsEncryptedObjects": {
          "Status": "Enabled"|"Disabled"
        },
        "ReplicaModifications": {
          "Status": "Enabled"|"Disabled"
        }
      },
      "ExistingObjectReplication": {
        "Status": "Enabled"|"Disabled"
      },
      "Destination": {
        "Account": "string",
        "Bucket": "string",
        "ReplicationTime": {
          "Status": "Enabled"|"Disabled",
          "Time": {
            "Minutes": integer
          }
        },
        "AccessControlTranslation": {
          "Owner": "Destination"
        },
        "EncryptionConfiguration": {
          "ReplicaKmsKeyID": "string"
        },
        "Metrics": {
          "Status": "Enabled"|"Disabled",
          "EventThreshold": {
            "Minutes": integer
          }
        },
        "StorageClass": "STANDARD"|"REDUCED_REDUNDANCY"|"STANDARD_IA"|"ONEZONE_IA"|"INTELLIGENT_TIERING"|"GLACIER"|"DEEP_ARCHIVE"|"OUTPOSTS"|"GLACIER_IR"
      },
      "DeleteMarkerReplication": {
        "Status": "Enabled"|"Disabled"
      },
      "Bucket": "string"
    }
    ...
  ]
}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command’s default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json
  • text
  • table
  • yaml
  • yaml-stream

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.

--cli-binary-format (string)

The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb:// will always be treated as binary and use the file contents directly regardless of the cli-binary-format setting. When using file:// the file contents will need to properly formatted for the configured cli-binary-format.

  • base64
  • raw-in-base64-out

--no-cli-pager (boolean)

Disable cli pager for output.

--cli-auto-prompt (boolean)

Automatically prompt for CLI input parameters.

--no-cli-auto-prompt (boolean)

Disable automatically prompt for CLI input parameters.

Output

None

© Copyright 2018, Amazon Web Services. Created using Sphinx.