https://docs.aws.amazon.com/ja_jp/AmazonS3/latest/userguide/replication-time-control.html
レプリケート元とレプリケート先の両方のバケットで、バージョニングを有効にする必要があります。
Amazon S3 には、お客様に代わってレプリケート元バケットからレプリケート先バケットにオブジェクトをレプリケートするためのアクセス許可が必要です。
前提: レプリケート元とレプリケート先が同じアカウントの場合
レプリケート元: bucket123-1
レプリケート先: bucket123-2
-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
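# Install AWS CLI v2 from the official bundle. The installer runs under sudo, so the
# archive is checked against its detached PGP signature first; the && chain stops at
# the first failing step, so an unverified download is never unpacked or installed.
# Prerequisite: import the AWS CLI team's PGP public key (published in the AWS CLI
# installation guide) into the local keyring with `gpg --import` before this step.
curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" &&
  curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.sig" &&
  gpg --verify awscliv2.sig awscliv2.zip &&
  unzip awscliv2.zip &&
  sudo ./aws/install
# Confirm which version ended up on PATH.
aws --version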
-- 1.2 jqインストール
# Install jq (command-line JSON processor) from the distribution repositories;
# -y answers the package manager's confirmation prompt automatically.
sudo yum install -y jq
-- 2. S3 バケットを作成する
# Create the source bucket in ap-northeast-1 and the destination bucket in
# ap-northeast-3, then list the account's buckets to confirm both exist.
aws s3 mb --region ap-northeast-1 s3://bucket123-1
aws s3 mb --region ap-northeast-3 s3://bucket123-2
aws s3 ls
-- 3. バケットバージョニングの有効化
# Replication requires versioning on both the source and the destination bucket.
# Enable it on each bucket first, then read the setting back to confirm it.
for bucket in bucket123-1 bucket123-2; do
  aws s3api put-bucket-versioning --bucket "$bucket" --versioning-configuration Status=Enabled
done
for bucket in bucket123-1 bucket123-2; do
  aws s3api get-bucket-versioning --bucket "$bucket"
done
-- 4. ポリシーの作成 (以下の JSON を policy01.json として保存してから create-policy を実行する)
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Resource":[
"arn:aws:s3:::bucket123-1/*"
]
},
{
"Effect":"Allow",
"Action":[
"s3:ListBucket",
"s3:GetReplicationConfiguration"
],
"Resource":[
"arn:aws:s3:::bucket123-1"
]
},
{
"Effect":"Allow",
"Action":[
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Resource":"arn:aws:s3:::bucket123-2/*"
}
]
}
# Register the permissions document stored in policy01.json as the managed policy
# "policy01". The document grants read access to object versions in bucket123-1 and
# replicate actions on objects in bucket123-2 only.
aws iam create-policy --policy-document file://policy01.json --policy-name policy01
-- 5. ロールの作成 (以下の信頼ポリシーを role01.json として保存してから create-role を実行する)
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":"s3.amazonaws.com"
},
"Action":"sts:AssumeRole"
}
]
}
# Create the replication role "role01". Its trust policy (role01.json) allows the
# s3.amazonaws.com service principal to call sts:AssumeRole on it.
aws iam create-role --assume-role-policy-document file://role01.json --role-name role01
-- 6. ポリシーをロールにアタッチ
# Attach the replication permissions policy to the role.
# NOTE(review): 999999999999 looks like a stand-in for the AWS account ID; substitute
# the account that owns policy01 and role01.
aws iam attach-role-policy \
  --role-name role01 \
  --policy-arn arn:aws:iam::999999999999:policy/policy01
-- 7. レプリケーションルールの作成
# Save the replication configuration JSON that follows as rep01.json; the
# put-bucket-replication call below reads it through file://rep01.json.
vi rep01.json
{
"Role": "arn:aws:iam::999999999999:role/role01",
"Rules": [
{
"ID": "rep01",
"Status": "Enabled",
"Priority": 1,
"DeleteMarkerReplication": { "Status": "Disabled" },
"Filter" : { "Prefix": ""},
"Destination": {
"Bucket": "arn:aws:s3:::bucket123-2",
"Metrics": {
"Status": "Enabled",
"EventThreshold": {
"Minutes": 15
}
},
"ReplicationTime": {
"Status": "Enabled",
"Time": {
"Minutes": 15
}
}
}
}
]
}
# Apply the replication configuration from rep01.json to the source bucket, then read
# it back to confirm that the rule, the role ARN and the 15-minute ReplicationTime /
# Metrics settings were stored as written.
aws s3api put-bucket-replication --replication-configuration file://rep01.json --bucket bucket123-1
aws s3api get-bucket-replication --bucket bucket123-1
-- 8. 動作確認
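# Upload a test object to the source bucket and keep the version ID that S3 assigns,
# rather than pasting an ID copied from an earlier run (a stale ID makes both
# head-object calls fail).
printf 'test01\n' > test01.txt
version_id=$(aws s3api put-object --bucket bucket123-1 --key test01.txt --body test01.txt \
  --query VersionId --output text)
printf 'VersionId: %s\n' "$version_id"

# Compare the current objects and the full version listings of both buckets.
aws s3 ls s3://bucket123-1 --recursive
aws s3 ls s3://bucket123-2 --recursive
aws s3api list-object-versions --bucket bucket123-1
aws s3api list-object-versions --bucket bucket123-2

# The same version ID is queried in both buckets. Replication is asynchronous, so the
# destination lookup can fail until the replica has arrived; retry after a short wait.
# ReplicationStatus in the output reports progress on the source object and marks the
# destination copy as a replica.
aws s3api head-object --bucket bucket123-1 --key test01.txt --version-id "$version_id"
aws s3api head-object --bucket bucket123-2 --key test01.txt --version-id "$version_id"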
-- 9. クリーンアップ
-- ロールの削除
# Confirm the role exists, detach the managed policy from it, then delete the role.
# IAM refuses to delete a role that still has managed policies attached, so the
# detach has to come first.
aws iam list-roles | grep -F role01
aws iam detach-role-policy --policy-arn arn:aws:iam::999999999999:policy/policy01 --role-name role01
aws iam delete-role --role-name role01
-- ポリシーの削除
# Confirm the managed policy exists, then delete it by ARN.
# NOTE(review): 999999999999 looks like a stand-in for the AWS account ID.
aws iam list-policies | grep -F policy01
aws iam delete-policy --policy-arn arn:aws:iam::999999999999:policy/policy01
-- 全バージョンの削除
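# Show what each versioned bucket still holds before anything is deleted.
aws s3api list-object-versions --bucket bucket123-1
aws s3api list-object-versions --bucket bucket123-2

# Delete every stored version of the test object. The version IDs are looked up per
# bucket instead of being hard-coded, so the cleanup works for any run; deletion is
# limited to the key test01.txt. `aws s3 rb --force` does not remove object versions,
# so they must be gone before the bucket can be removed.
for bucket in bucket123-1 bucket123-2; do
  # Word splitting of the text output is intended: one version ID per word.
  for version_id in $(aws s3api list-object-versions --bucket "$bucket" --prefix test01.txt \
    --query "Versions[?Key=='test01.txt'].VersionId" --output text); do
    # --output text prints "None" when the bucket has no versions at all.
    [ "$version_id" = "None" ] && continue
    aws s3api delete-object --bucket "$bucket" --key test01.txt --version-id "$version_id"
  done
done

# Remove the now-empty buckets.
aws s3 rb s3://bucket123-1 --force
aws s3 rb s3://bucket123-2 --force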