Amazon Simple Storage Service

2018/09/19 - Amazon Simple Storage Service - 2 updated api methods

Changes  S3 Cross Region Replication now allows customers to use S3 object tags to filter the scope of replication. By using S3 object tags, customers can identify individual objects for replication across AWS Regions for compliance and data protection. Cross Region Replication for S3 enables automatic and asynchronous replication of objects to another AWS Region, and with this release customers can replicate at a bucket level, prefix level or by using object tags.

GetBucketReplication (updated) Link ¶
Changes (response)
{'ReplicationConfiguration': {'Rules': {'DeleteMarkerReplication': {'Status': 'Enabled '
                                                                              '| '
                                                                              'Disabled'},
                                        'Filter': {'And': {'Prefix': 'string',
                                                           'Tags': [{'Key': 'string',
                                                                     'Value': 'string'}]},
                                                   'Prefix': 'string',
                                                   'Tag': {'Key': 'string',
                                                           'Value': 'string'}},
                                        'Priority': 'integer'}}}

Returns the replication configuration of a bucket.

See also: AWS API Documentation

Request Syntax

client.get_bucket_replication(
    Bucket='string'
)
type Bucket

string

param Bucket

[REQUIRED]

rtype

dict

returns

Response Syntax

{
    'ReplicationConfiguration': {
        'Role': 'string',
        'Rules': [
            {
                'ID': 'string',
                'Priority': 123,
                'Prefix': 'string',
                'Filter': {
                    'Prefix': 'string',
                    'Tag': {
                        'Key': 'string',
                        'Value': 'string'
                    },
                    'And': {
                        'Prefix': 'string',
                        'Tags': [
                            {
                                'Key': 'string',
                                'Value': 'string'
                            },
                        ]
                    }
                },
                'Status': 'Enabled'|'Disabled',
                'SourceSelectionCriteria': {
                    'SseKmsEncryptedObjects': {
                        'Status': 'Enabled'|'Disabled'
                    }
                },
                'Destination': {
                    'Bucket': 'string',
                    'Account': 'string',
                    'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA',
                    'AccessControlTranslation': {
                        'Owner': 'Destination'
                    },
                    'EncryptionConfiguration': {
                        'ReplicaKmsKeyID': 'string'
                    }
                },
                'DeleteMarkerReplication': {
                    'Status': 'Enabled'|'Disabled'
                }
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ReplicationConfiguration (dict) --

      Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.

      • Role (string) --

        Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.

      • Rules (list) --

        Container for one or more replication rules. Replication configuration must have at least one rule and can contain up to 1,000 rules.

        • (dict) --

          Container for information about a particular replication rule.

          • ID (string) --

            Unique identifier for the rule. The value cannot be longer than 255 characters.

          • Priority (integer) --

            The priority associated with the rule. If you specify multiple rules in a replication configuration, then Amazon S3 applies rule priority in the event there are conflicts (two or more rules identify the same object based on filter specified). The rule with higher priority takes precedence. For example,

            • Same object quality prefix based filter criteria If prefixes you specified in multiple rules overlap.

            • Same object qualify tag based filter criteria specified in multiple rules

            For more information, see `Cross-Region Replication (CRR) < https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html>`__ in the Amazon S3 Developer Guide.

          • Prefix (string) --

            Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters.

          • Filter (dict) --

            Filter that identifies subset of objects to which the replication rule applies. A Filter must specify exactly one Prefix , Tag , or an And child element.

            • Prefix (string) --

              Object keyname prefix that identifies subset of objects to which the rule applies.

            • Tag (dict) --

              Container for specifying a tag key and value.

              The rule applies only to objects having the tag in its tagset.

              • Key (string) --

                Name of the tag.

              • Value (string) --

                Value of the tag.

            • And (dict) --

              Container for specifying rule filters. These filters determine the subset of objects to which the rule applies. The element is required only if you specify more than one filter. For example:

              • You specify both a Prefix and a Tag filters. Then you wrap these in an And tag.

              • You specify filter based on multiple tags. Then you wrap the Tag elements in an And tag.

              • Prefix (string) --

              • Tags (list) --

                • (dict) --

                  • Key (string) --

                    Name of the tag.

                  • Value (string) --

                    Value of the tag.

          • Status (string) --

            The rule is ignored if status is not Enabled.

          • SourceSelectionCriteria (dict) --

            Container that describes additional filters in identifying source objects that you want to replicate. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using an AWS KMS-managed key. You can choose to enable or disable replication of these objects.

            if you want Amazon S3 to replicate objects created with server-side encryption using AWS KMS-managed keys.

            • SseKmsEncryptedObjects (dict) --

              Container for filter information of selection of KMS Encrypted S3 objects. The element is required if you include SourceSelectionCriteria in the replication configuration.

              • Status (string) --

                The replication for KMS encrypted S3 objects is disabled if status is not Enabled.

          • Destination (dict) --

            Container for replication destination information.

            • Bucket (string) --

              Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.

              If you have multiple rules in your replication configuration, all rules must specify the same bucket as the destination. A replication configuration can replicate objects only to one destination bucket.

            • Account (string) --

              Account ID of the destination bucket. Currently Amazon S3 verifies this value only if Access Control Translation is enabled.

              In a cross-account scenario, if you tell Amazon S3 to change replica ownership to the AWS account that owns the destination bucket by adding the AccessControlTranslation element, this is the account ID of the destination bucket owner.

            • StorageClass (string) --

              The class of storage used to store the object.

            • AccessControlTranslation (dict) --

              Container for information regarding the access control for replicas.

              Use only in a cross-account scenario, where source and destination bucket owners are not the same, when you want to change replica ownership to the AWS account that owns the destination bucket. If you don't add this element to the replication configuration, the replicas are owned by same AWS account that owns the source object.

              • Owner (string) --

                The override value for the owner of the replica object.

            • EncryptionConfiguration (dict) --

              Container that provides encryption-related information. You must specify this element if the SourceSelectionCriteria is specified.

              • ReplicaKmsKeyID (string) --

                The ID of the AWS KMS key for the region where the destination bucket resides. Amazon S3 uses this key to encrypt the replica object.

          • DeleteMarkerReplication (dict) --

            Specifies whether Amazon S3 should replicate delete makers.

            • Status (string) --

              The status of the delete marker replication.

              Note

              In the current implementation, Amazon S3 does not replicate the delete markers. Therefore, the status must be Disabled .

PutBucketReplication (updated) Link ¶
Changes (request)
{'ReplicationConfiguration': {'Rules': {'DeleteMarkerReplication': {'Status': 'Enabled '
                                                                              '| '
                                                                              'Disabled'},
                                        'Filter': {'And': {'Prefix': 'string',
                                                           'Tags': [{'Key': 'string',
                                                                     'Value': 'string'}]},
                                                   'Prefix': 'string',
                                                   'Tag': {'Key': 'string',
                                                           'Value': 'string'}},
                                        'Priority': 'integer'}}}

Creates a new replication configuration (or replaces an existing one, if present). For more information, see `Cross-Region Replication (CRR) < https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html>`__ in the Amazon S3 Developer Guide.

See also: AWS API Documentation

Request Syntax

client.put_bucket_replication(
    Bucket='string',
    ContentMD5='string',
    ReplicationConfiguration={
        'Role': 'string',
        'Rules': [
            {
                'ID': 'string',
                'Priority': 123,
                'Prefix': 'string',
                'Filter': {
                    'Prefix': 'string',
                    'Tag': {
                        'Key': 'string',
                        'Value': 'string'
                    },
                    'And': {
                        'Prefix': 'string',
                        'Tags': [
                            {
                                'Key': 'string',
                                'Value': 'string'
                            },
                        ]
                    }
                },
                'Status': 'Enabled'|'Disabled',
                'SourceSelectionCriteria': {
                    'SseKmsEncryptedObjects': {
                        'Status': 'Enabled'|'Disabled'
                    }
                },
                'Destination': {
                    'Bucket': 'string',
                    'Account': 'string',
                    'StorageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'ONEZONE_IA',
                    'AccessControlTranslation': {
                        'Owner': 'Destination'
                    },
                    'EncryptionConfiguration': {
                        'ReplicaKmsKeyID': 'string'
                    }
                },
                'DeleteMarkerReplication': {
                    'Status': 'Enabled'|'Disabled'
                }
            },
        ]
    }
)
type Bucket

string

param Bucket

[REQUIRED]

type ContentMD5

string

param ContentMD5

type ReplicationConfiguration

dict

param ReplicationConfiguration

[REQUIRED]

Container for replication rules. You can add as many as 1,000 rules. Total replication configuration size can be up to 2 MB.

  • Role (string) -- [REQUIRED]

    Amazon Resource Name (ARN) of an IAM role for Amazon S3 to assume when replicating the objects.

  • Rules (list) -- [REQUIRED]

    Container for one or more replication rules. Replication configuration must have at least one rule and can contain up to 1,000 rules.

    • (dict) --

      Container for information about a particular replication rule.

      • ID (string) --

        Unique identifier for the rule. The value cannot be longer than 255 characters.

      • Priority (integer) --

        The priority associated with the rule. If you specify multiple rules in a replication configuration, then Amazon S3 applies rule priority in the event there are conflicts (two or more rules identify the same object based on filter specified). The rule with higher priority takes precedence. For example,

        • Same object quality prefix based filter criteria If prefixes you specified in multiple rules overlap.

        • Same object qualify tag based filter criteria specified in multiple rules

        For more information, see `Cross-Region Replication (CRR) < https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html>`__ in the Amazon S3 Developer Guide.

      • Prefix (string) --

        Object keyname prefix identifying one or more objects to which the rule applies. Maximum prefix length can be up to 1,024 characters.

      • Filter (dict) --

        Filter that identifies subset of objects to which the replication rule applies. A Filter must specify exactly one Prefix , Tag , or an And child element.

        • Prefix (string) --

          Object keyname prefix that identifies subset of objects to which the rule applies.

        • Tag (dict) --

          Container for specifying a tag key and value.

          The rule applies only to objects having the tag in its tagset.

          • Key (string) -- [REQUIRED]

            Name of the tag.

          • Value (string) -- [REQUIRED]

            Value of the tag.

        • And (dict) --

          Container for specifying rule filters. These filters determine the subset of objects to which the rule applies. The element is required only if you specify more than one filter. For example:

          • You specify both a Prefix and a Tag filters. Then you wrap these in an And tag.

          • You specify filter based on multiple tags. Then you wrap the Tag elements in an And tag.

          • Prefix (string) --

          • Tags (list) --

            • (dict) --

              • Key (string) -- [REQUIRED]

                Name of the tag.

              • Value (string) -- [REQUIRED]

                Value of the tag.

      • Status (string) -- [REQUIRED]

        The rule is ignored if status is not Enabled.

      • SourceSelectionCriteria (dict) --

        Container that describes additional filters in identifying source objects that you want to replicate. Currently, Amazon S3 supports only the filter that you can specify for objects created with server-side encryption using an AWS KMS-managed key. You can choose to enable or disable replication of these objects.

        if you want Amazon S3 to replicate objects created with server-side encryption using AWS KMS-managed keys.

        • SseKmsEncryptedObjects (dict) --

          Container for filter information of selection of KMS Encrypted S3 objects. The element is required if you include SourceSelectionCriteria in the replication configuration.

          • Status (string) -- [REQUIRED]

            The replication for KMS encrypted S3 objects is disabled if status is not Enabled.

      • Destination (dict) -- [REQUIRED]

        Container for replication destination information.

        • Bucket (string) -- [REQUIRED]

          Amazon resource name (ARN) of the bucket where you want Amazon S3 to store replicas of the object identified by the rule.

          If you have multiple rules in your replication configuration, all rules must specify the same bucket as the destination. A replication configuration can replicate objects only to one destination bucket.

        • Account (string) --

          Account ID of the destination bucket. Currently Amazon S3 verifies this value only if Access Control Translation is enabled.

          In a cross-account scenario, if you tell Amazon S3 to change replica ownership to the AWS account that owns the destination bucket by adding the AccessControlTranslation element, this is the account ID of the destination bucket owner.

        • StorageClass (string) --

          The class of storage used to store the object.

        • AccessControlTranslation (dict) --

          Container for information regarding the access control for replicas.

          Use only in a cross-account scenario, where source and destination bucket owners are not the same, when you want to change replica ownership to the AWS account that owns the destination bucket. If you don't add this element to the replication configuration, the replicas are owned by same AWS account that owns the source object.

          • Owner (string) -- [REQUIRED]

            The override value for the owner of the replica object.

        • EncryptionConfiguration (dict) --

          Container that provides encryption-related information. You must specify this element if the SourceSelectionCriteria is specified.

          • ReplicaKmsKeyID (string) --

            The ID of the AWS KMS key for the region where the destination bucket resides. Amazon S3 uses this key to encrypt the replica object.

      • DeleteMarkerReplication (dict) --

        Specifies whether Amazon S3 should replicate delete makers.

        • Status (string) --

          The status of the delete marker replication.

          Note

          In the current implementation, Amazon S3 does not replicate the delete markers. Therefore, the status must be Disabled .

returns

None