If I’m using CRR to replicate across accounts, do the source/target buckets still need to be in different regions?
Under the AWS documentation for Cross-Region Replication, the only difference with cross-account scenarios is the bucket policy. The transfer would still have to be cross-region.
In a cross-account scenario in the same region, you can still grant access cross-account without needing the replication to a secondary bucket. If the concern is about security and compliance, you can restrict people’s ability to modify or delete things with bucket policy, track changes with versioning, and you also have Object Locks where compliance needs to be strictly enforced.
Hope this helps clarify a bit
Announced Sept 18th 2019, you can now replicate using SRR (Same Region Replication) as well as CRR. This will allow the source/target buckets to be in the same region. But then you’re not using CRR anymore… 😉