Certified Security - Specialty

Sign Up Free or Log In to participate!

CRR and Cross Account Replication

If I’m using CRR to replicate across accounts, do the source/target buckets still need to be in different regions?

2 Answers

Under the AWS documentation for Cross-Region Replication, the only difference with cross-account scenarios is the bucket policy. The transfer would still have to be cross-region.

In a cross-account scenario in the same region, you can still grant access cross-account without needing the replication to a secondary bucket. If the concern is about security and compliance, you can restrict people’s ability to modify or delete things with bucket policy, track changes with versioning, and you also have Object Locks where compliance needs to be strictly enforced.

Hope this helps clarify a bit

Announced Sept 18th 2019, you can now replicate using SRR (Same Region Replication) as well as CRR. This will allow the source/target buckets to be in the same region. But then you’re not using CRR anymore… 😉

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?