1. Packages
  2. AWS
  3. API Docs
  4. s3
  5. BucketReplicationConfig
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.s3.BucketReplicationConfig

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Provides an independent configuration resource for S3 bucket replication configuration.

    NOTE: S3 Buckets only support a single replication configuration. Declaring multiple aws.s3.BucketReplicationConfig resources to the same S3 Bucket will cause a perpetual difference in configuration.

    This resource cannot be used with S3 directory buckets.

    Example Usage

    Using replication configuration

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const assumeRole = aws.iam.getPolicyDocument({
        statements: [{
            effect: "Allow",
            principals: [{
                type: "Service",
                identifiers: ["s3.amazonaws.com"],
            }],
            actions: ["sts:AssumeRole"],
        }],
    });
    const replicationRole = new aws.iam.Role("replication", {
        name: "tf-iam-role-replication-12345",
        assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
    });
    const destination = new aws.s3.BucketV2("destination", {bucket: "tf-test-bucket-destination-12345"});
    const source = new aws.s3.BucketV2("source", {bucket: "tf-test-bucket-source-12345"});
    const replication = aws.iam.getPolicyDocumentOutput({
        statements: [
            {
                effect: "Allow",
                actions: [
                    "s3:GetReplicationConfiguration",
                    "s3:ListBucket",
                ],
                resources: [source.arn],
            },
            {
                effect: "Allow",
                actions: [
                    "s3:GetObjectVersionForReplication",
                    "s3:GetObjectVersionAcl",
                    "s3:GetObjectVersionTagging",
                ],
                resources: [pulumi.interpolate`${source.arn}/*`],
            },
            {
                effect: "Allow",
                actions: [
                    "s3:ReplicateObject",
                    "s3:ReplicateDelete",
                    "s3:ReplicateTags",
                ],
                resources: [pulumi.interpolate`${destination.arn}/*`],
            },
        ],
    });
    const replicationPolicy = new aws.iam.Policy("replication", {
        name: "tf-iam-role-policy-replication-12345",
        policy: replication.apply(replication => replication.json),
    });
    const replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("replication", {
        role: replicationRole.name,
        policyArn: replicationPolicy.arn,
    });
    const destinationBucketVersioningV2 = new aws.s3.BucketVersioningV2("destination", {
        bucket: destination.id,
        versioningConfiguration: {
            status: "Enabled",
        },
    });
    const sourceBucketAcl = new aws.s3.BucketAclV2("source_bucket_acl", {
        bucket: source.id,
        acl: "private",
    });
    const sourceBucketVersioningV2 = new aws.s3.BucketVersioningV2("source", {
        bucket: source.id,
        versioningConfiguration: {
            status: "Enabled",
        },
    });
    const replicationBucketReplicationConfig = new aws.s3.BucketReplicationConfig("replication", {
        role: replicationRole.arn,
        bucket: source.id,
        rules: [{
            id: "foobar",
            filter: {
                prefix: "foo",
            },
            status: "Enabled",
            destination: {
                bucket: destination.arn,
                storageClass: "STANDARD",
            },
        }],
    }, {
        dependsOn: [sourceBucketVersioningV2],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    assume_role = aws.iam.get_policy_document(statements=[{
        "effect": "Allow",
        "principals": [{
            "type": "Service",
            "identifiers": ["s3.amazonaws.com"],
        }],
        "actions": ["sts:AssumeRole"],
    }])
    replication_role = aws.iam.Role("replication",
        name="tf-iam-role-replication-12345",
        assume_role_policy=assume_role.json)
    destination = aws.s3.BucketV2("destination", bucket="tf-test-bucket-destination-12345")
    source = aws.s3.BucketV2("source", bucket="tf-test-bucket-source-12345")
    replication = aws.iam.get_policy_document_output(statements=[
        {
            "effect": "Allow",
            "actions": [
                "s3:GetReplicationConfiguration",
                "s3:ListBucket",
            ],
            "resources": [source.arn],
        },
        {
            "effect": "Allow",
            "actions": [
                "s3:GetObjectVersionForReplication",
                "s3:GetObjectVersionAcl",
                "s3:GetObjectVersionTagging",
            ],
            "resources": [source.arn.apply(lambda arn: f"{arn}/*")],
        },
        {
            "effect": "Allow",
            "actions": [
                "s3:ReplicateObject",
                "s3:ReplicateDelete",
                "s3:ReplicateTags",
            ],
            "resources": [destination.arn.apply(lambda arn: f"{arn}/*")],
        },
    ])
    replication_policy = aws.iam.Policy("replication",
        name="tf-iam-role-policy-replication-12345",
        policy=replication.json)
    replication_role_policy_attachment = aws.iam.RolePolicyAttachment("replication",
        role=replication_role.name,
        policy_arn=replication_policy.arn)
    destination_bucket_versioning_v2 = aws.s3.BucketVersioningV2("destination",
        bucket=destination.id,
        versioning_configuration={
            "status": "Enabled",
        })
    source_bucket_acl = aws.s3.BucketAclV2("source_bucket_acl",
        bucket=source.id,
        acl="private")
    source_bucket_versioning_v2 = aws.s3.BucketVersioningV2("source",
        bucket=source.id,
        versioning_configuration={
            "status": "Enabled",
        })
    replication_bucket_replication_config = aws.s3.BucketReplicationConfig("replication",
        role=replication_role.arn,
        bucket=source.id,
        rules=[{
            "id": "foobar",
            "filter": {
                "prefix": "foo",
            },
            "status": "Enabled",
            "destination": {
                "bucket": destination.arn,
                "storage_class": "STANDARD",
            },
        }],
        opts = pulumi.ResourceOptions(depends_on=[source_bucket_versioning_v2]))
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
    			Statements: []iam.GetPolicyDocumentStatement{
    				{
    					Effect: pulumi.StringRef("Allow"),
    					Principals: []iam.GetPolicyDocumentStatementPrincipal{
    						{
    							Type: "Service",
    							Identifiers: []string{
    								"s3.amazonaws.com",
    							},
    						},
    					},
    					Actions: []string{
    						"sts:AssumeRole",
    					},
    				},
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		replicationRole, err := iam.NewRole(ctx, "replication", &iam.RoleArgs{
    			Name:             pulumi.String("tf-iam-role-replication-12345"),
    			AssumeRolePolicy: pulumi.String(assumeRole.Json),
    		})
    		if err != nil {
    			return err
    		}
    		destination, err := s3.NewBucketV2(ctx, "destination", &s3.BucketV2Args{
    			Bucket: pulumi.String("tf-test-bucket-destination-12345"),
    		})
    		if err != nil {
    			return err
    		}
    		source, err := s3.NewBucketV2(ctx, "source", &s3.BucketV2Args{
    			Bucket: pulumi.String("tf-test-bucket-source-12345"),
    		})
    		if err != nil {
    			return err
    		}
    		replication := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
    			Statements: iam.GetPolicyDocumentStatementArray{
    				&iam.GetPolicyDocumentStatementArgs{
    					Effect: pulumi.String("Allow"),
    					Actions: pulumi.StringArray{
    						pulumi.String("s3:GetReplicationConfiguration"),
    						pulumi.String("s3:ListBucket"),
    					},
    					Resources: pulumi.StringArray{
    						source.Arn,
    					},
    				},
    				&iam.GetPolicyDocumentStatementArgs{
    					Effect: pulumi.String("Allow"),
    					Actions: pulumi.StringArray{
    						pulumi.String("s3:GetObjectVersionForReplication"),
    						pulumi.String("s3:GetObjectVersionAcl"),
    						pulumi.String("s3:GetObjectVersionTagging"),
    					},
    					Resources: pulumi.StringArray{
    						source.Arn.ApplyT(func(arn string) (string, error) {
    							return fmt.Sprintf("%v/*", arn), nil
    						}).(pulumi.StringOutput),
    					},
    				},
    				&iam.GetPolicyDocumentStatementArgs{
    					Effect: pulumi.String("Allow"),
    					Actions: pulumi.StringArray{
    						pulumi.String("s3:ReplicateObject"),
    						pulumi.String("s3:ReplicateDelete"),
    						pulumi.String("s3:ReplicateTags"),
    					},
    					Resources: pulumi.StringArray{
    						destination.Arn.ApplyT(func(arn string) (string, error) {
    							return fmt.Sprintf("%v/*", arn), nil
    						}).(pulumi.StringOutput),
    					},
    				},
    			},
    		}, nil)
    		replicationPolicy, err := iam.NewPolicy(ctx, "replication", &iam.PolicyArgs{
    			Name: pulumi.String("tf-iam-role-policy-replication-12345"),
    			Policy: pulumi.String(replication.ApplyT(func(replication iam.GetPolicyDocumentResult) (*string, error) {
    				return &replication.Json, nil
    			}).(pulumi.StringPtrOutput)),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewRolePolicyAttachment(ctx, "replication", &iam.RolePolicyAttachmentArgs{
    			Role:      replicationRole.Name,
    			PolicyArn: replicationPolicy.Arn,
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucketVersioningV2(ctx, "destination", &s3.BucketVersioningV2Args{
    			Bucket: destination.ID(),
    			VersioningConfiguration: &s3.BucketVersioningV2VersioningConfigurationArgs{
    				Status: pulumi.String("Enabled"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucketAclV2(ctx, "source_bucket_acl", &s3.BucketAclV2Args{
    			Bucket: source.ID(),
    			Acl:    pulumi.String("private"),
    		})
    		if err != nil {
    			return err
    		}
    		sourceBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, "source", &s3.BucketVersioningV2Args{
    			Bucket: source.ID(),
    			VersioningConfiguration: &s3.BucketVersioningV2VersioningConfigurationArgs{
    				Status: pulumi.String("Enabled"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucketReplicationConfig(ctx, "replication", &s3.BucketReplicationConfigArgs{
    			Role:   replicationRole.Arn,
    			Bucket: source.ID(),
    			Rules: s3.BucketReplicationConfigRuleArray{
    				&s3.BucketReplicationConfigRuleArgs{
    					Id: pulumi.String("foobar"),
    					Filter: &s3.BucketReplicationConfigRuleFilterArgs{
    						Prefix: pulumi.String("foo"),
    					},
    					Status: pulumi.String("Enabled"),
    					Destination: &s3.BucketReplicationConfigRuleDestinationArgs{
    						Bucket:       destination.Arn,
    						StorageClass: pulumi.String("STANDARD"),
    					},
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			sourceBucketVersioningV2,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "Service",
                            Identifiers = new[]
                            {
                                "s3.amazonaws.com",
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "sts:AssumeRole",
                    },
                },
            },
        });
    
        var replicationRole = new Aws.Iam.Role("replication", new()
        {
            Name = "tf-iam-role-replication-12345",
            AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
        var destination = new Aws.S3.BucketV2("destination", new()
        {
            Bucket = "tf-test-bucket-destination-12345",
        });
    
        var source = new Aws.S3.BucketV2("source", new()
        {
            Bucket = "tf-test-bucket-source-12345",
        });
    
        var replication = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Actions = new[]
                    {
                        "s3:GetReplicationConfiguration",
                        "s3:ListBucket",
                    },
                    Resources = new[]
                    {
                        source.Arn,
                    },
                },
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Actions = new[]
                    {
                        "s3:GetObjectVersionForReplication",
                        "s3:GetObjectVersionAcl",
                        "s3:GetObjectVersionTagging",
                    },
                    Resources = new[]
                    {
                        $"{source.Arn}/*",
                    },
                },
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Actions = new[]
                    {
                        "s3:ReplicateObject",
                        "s3:ReplicateDelete",
                        "s3:ReplicateTags",
                    },
                    Resources = new[]
                    {
                        $"{destination.Arn}/*",
                    },
                },
            },
        });
    
        var replicationPolicy = new Aws.Iam.Policy("replication", new()
        {
            Name = "tf-iam-role-policy-replication-12345",
            PolicyDocument = replication.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
        var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("replication", new()
        {
            Role = replicationRole.Name,
            PolicyArn = replicationPolicy.Arn,
        });
    
        var destinationBucketVersioningV2 = new Aws.S3.BucketVersioningV2("destination", new()
        {
            Bucket = destination.Id,
            VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs
            {
                Status = "Enabled",
            },
        });
    
        var sourceBucketAcl = new Aws.S3.BucketAclV2("source_bucket_acl", new()
        {
            Bucket = source.Id,
            Acl = "private",
        });
    
        var sourceBucketVersioningV2 = new Aws.S3.BucketVersioningV2("source", new()
        {
            Bucket = source.Id,
            VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs
            {
                Status = "Enabled",
            },
        });
    
        var replicationBucketReplicationConfig = new Aws.S3.BucketReplicationConfig("replication", new()
        {
            Role = replicationRole.Arn,
            Bucket = source.Id,
            Rules = new[]
            {
                new Aws.S3.Inputs.BucketReplicationConfigRuleArgs
                {
                    Id = "foobar",
                    Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs
                    {
                        Prefix = "foo",
                    },
                    Status = "Enabled",
                    Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs
                    {
                        Bucket = destination.Arn,
                        StorageClass = "STANDARD",
                    },
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                sourceBucketVersioningV2,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.iam.Role;
    import com.pulumi.aws.iam.RoleArgs;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.aws.iam.Policy;
    import com.pulumi.aws.iam.PolicyArgs;
    import com.pulumi.aws.iam.RolePolicyAttachment;
    import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
    import com.pulumi.aws.s3.BucketVersioningV2;
    import com.pulumi.aws.s3.BucketVersioningV2Args;
    import com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;
    import com.pulumi.aws.s3.BucketAclV2;
    import com.pulumi.aws.s3.BucketAclV2Args;
    import com.pulumi.aws.s3.BucketReplicationConfig;
    import com.pulumi.aws.s3.BucketReplicationConfigArgs;
    import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;
    import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;
    import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("Service")
                        .identifiers("s3.amazonaws.com")
                        .build())
                    .actions("sts:AssumeRole")
                    .build())
                .build());
    
            var replicationRole = new Role("replicationRole", RoleArgs.builder()
                .name("tf-iam-role-replication-12345")
                .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
            var destination = new BucketV2("destination", BucketV2Args.builder()
                .bucket("tf-test-bucket-destination-12345")
                .build());
    
            var source = new BucketV2("source", BucketV2Args.builder()
                .bucket("tf-test-bucket-source-12345")
                .build());
    
            final var replication = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(            
                    GetPolicyDocumentStatementArgs.builder()
                        .effect("Allow")
                        .actions(                    
                            "s3:GetReplicationConfiguration",
                            "s3:ListBucket")
                        .resources(source.arn())
                        .build(),
                    GetPolicyDocumentStatementArgs.builder()
                        .effect("Allow")
                        .actions(                    
                            "s3:GetObjectVersionForReplication",
                            "s3:GetObjectVersionAcl",
                            "s3:GetObjectVersionTagging")
                        .resources(source.arn().applyValue(arn -> String.format("%s/*", arn)))
                        .build(),
                    GetPolicyDocumentStatementArgs.builder()
                        .effect("Allow")
                        .actions(                    
                            "s3:ReplicateObject",
                            "s3:ReplicateDelete",
                            "s3:ReplicateTags")
                        .resources(destination.arn().applyValue(arn -> String.format("%s/*", arn)))
                        .build())
                .build());
    
            var replicationPolicy = new Policy("replicationPolicy", PolicyArgs.builder()
                .name("tf-iam-role-policy-replication-12345")
                .policy(replication.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(replication -> replication.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
                .build());
    
            var replicationRolePolicyAttachment = new RolePolicyAttachment("replicationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
                .role(replicationRole.name())
                .policyArn(replicationPolicy.arn())
                .build());
    
            var destinationBucketVersioningV2 = new BucketVersioningV2("destinationBucketVersioningV2", BucketVersioningV2Args.builder()
                .bucket(destination.id())
                .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
                    .status("Enabled")
                    .build())
                .build());
    
            var sourceBucketAcl = new BucketAclV2("sourceBucketAcl", BucketAclV2Args.builder()
                .bucket(source.id())
                .acl("private")
                .build());
    
            var sourceBucketVersioningV2 = new BucketVersioningV2("sourceBucketVersioningV2", BucketVersioningV2Args.builder()
                .bucket(source.id())
                .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
                    .status("Enabled")
                    .build())
                .build());
    
            var replicationBucketReplicationConfig = new BucketReplicationConfig("replicationBucketReplicationConfig", BucketReplicationConfigArgs.builder()
                .role(replicationRole.arn())
                .bucket(source.id())
                .rules(BucketReplicationConfigRuleArgs.builder()
                    .id("foobar")
                    .filter(BucketReplicationConfigRuleFilterArgs.builder()
                        .prefix("foo")
                        .build())
                    .status("Enabled")
                    .destination(BucketReplicationConfigRuleDestinationArgs.builder()
                        .bucket(destination.arn())
                        .storageClass("STANDARD")
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(sourceBucketVersioningV2)
                    .build());
    
        }
    }
    
    resources:
      replicationRole:
        type: aws:iam:Role
        name: replication
        properties:
          name: tf-iam-role-replication-12345
          assumeRolePolicy: ${assumeRole.json}
      replicationPolicy:
        type: aws:iam:Policy
        name: replication
        properties:
          name: tf-iam-role-policy-replication-12345
          policy: ${replication.json}
      replicationRolePolicyAttachment:
        type: aws:iam:RolePolicyAttachment
        name: replication
        properties:
          role: ${replicationRole.name}
          policyArn: ${replicationPolicy.arn}
      destination:
        type: aws:s3:BucketV2
        properties:
          bucket: tf-test-bucket-destination-12345
      destinationBucketVersioningV2:
        type: aws:s3:BucketVersioningV2
        name: destination
        properties:
          bucket: ${destination.id}
          versioningConfiguration:
            status: Enabled
      source:
        type: aws:s3:BucketV2
        properties:
          bucket: tf-test-bucket-source-12345
      sourceBucketAcl:
        type: aws:s3:BucketAclV2
        name: source_bucket_acl
        properties:
          bucket: ${source.id}
          acl: private
      sourceBucketVersioningV2:
        type: aws:s3:BucketVersioningV2
        name: source
        properties:
          bucket: ${source.id}
          versioningConfiguration:
            status: Enabled
      replicationBucketReplicationConfig:
        type: aws:s3:BucketReplicationConfig
        name: replication
        properties:
          role: ${replicationRole.arn}
          bucket: ${source.id}
          rules:
            - id: foobar
              filter:
                prefix: foo
              status: Enabled
              destination:
                bucket: ${destination.arn}
                storageClass: STANDARD
        options:
          dependson:
            - ${sourceBucketVersioningV2}
    variables:
      assumeRole:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: Service
                    identifiers:
                      - s3.amazonaws.com
                actions:
                  - sts:AssumeRole
      replication:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                actions:
                  - s3:GetReplicationConfiguration
                  - s3:ListBucket
                resources:
                  - ${source.arn}
              - effect: Allow
                actions:
                  - s3:GetObjectVersionForReplication
                  - s3:GetObjectVersionAcl
                  - s3:GetObjectVersionTagging
                resources:
                  - ${source.arn}/*
              - effect: Allow
                actions:
                  - s3:ReplicateObject
                  - s3:ReplicateDelete
                  - s3:ReplicateTags
                resources:
                  - ${destination.arn}/*
    

    Bi-Directional Replication

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // ... other configuration ...
    const east = new aws.s3.BucketV2("east", {bucket: "tf-test-bucket-east-12345"});
    const eastBucketVersioningV2 = new aws.s3.BucketVersioningV2("east", {
        bucket: east.id,
        versioningConfiguration: {
            status: "Enabled",
        },
    });
    const west = new aws.s3.BucketV2("west", {bucket: "tf-test-bucket-west-12345"});
    const westBucketVersioningV2 = new aws.s3.BucketVersioningV2("west", {
        bucket: west.id,
        versioningConfiguration: {
            status: "Enabled",
        },
    });
    const eastToWest = new aws.s3.BucketReplicationConfig("east_to_west", {
        role: eastReplication.arn,
        bucket: east.id,
        rules: [{
            id: "foobar",
            filter: {
                prefix: "foo",
            },
            status: "Enabled",
            destination: {
                bucket: west.arn,
                storageClass: "STANDARD",
            },
        }],
    }, {
        dependsOn: [eastBucketVersioningV2],
    });
    const westToEast = new aws.s3.BucketReplicationConfig("west_to_east", {
        role: westReplication.arn,
        bucket: west.id,
        rules: [{
            id: "foobar",
            filter: {
                prefix: "foo",
            },
            status: "Enabled",
            destination: {
                bucket: east.arn,
                storageClass: "STANDARD",
            },
        }],
    }, {
        dependsOn: [westBucketVersioningV2],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # ... other configuration ...
    east = aws.s3.BucketV2("east", bucket="tf-test-bucket-east-12345")
    east_bucket_versioning_v2 = aws.s3.BucketVersioningV2("east",
        bucket=east.id,
        versioning_configuration={
            "status": "Enabled",
        })
    west = aws.s3.BucketV2("west", bucket="tf-test-bucket-west-12345")
    west_bucket_versioning_v2 = aws.s3.BucketVersioningV2("west",
        bucket=west.id,
        versioning_configuration={
            "status": "Enabled",
        })
    east_to_west = aws.s3.BucketReplicationConfig("east_to_west",
        role=east_replication["arn"],
        bucket=east.id,
        rules=[{
            "id": "foobar",
            "filter": {
                "prefix": "foo",
            },
            "status": "Enabled",
            "destination": {
                "bucket": west.arn,
                "storage_class": "STANDARD",
            },
        }],
        opts = pulumi.ResourceOptions(depends_on=[east_bucket_versioning_v2]))
    west_to_east = aws.s3.BucketReplicationConfig("west_to_east",
        role=west_replication["arn"],
        bucket=west.id,
        rules=[{
            "id": "foobar",
            "filter": {
                "prefix": "foo",
            },
            "status": "Enabled",
            "destination": {
                "bucket": east.arn,
                "storage_class": "STANDARD",
            },
        }],
        opts = pulumi.ResourceOptions(depends_on=[west_bucket_versioning_v2]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// ... other configuration ...
    		east, err := s3.NewBucketV2(ctx, "east", &s3.BucketV2Args{
    			Bucket: pulumi.String("tf-test-bucket-east-12345"),
    		})
    		if err != nil {
    			return err
    		}
    		eastBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, "east", &s3.BucketVersioningV2Args{
    			Bucket: east.ID(),
    			VersioningConfiguration: &s3.BucketVersioningV2VersioningConfigurationArgs{
    				Status: pulumi.String("Enabled"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		west, err := s3.NewBucketV2(ctx, "west", &s3.BucketV2Args{
    			Bucket: pulumi.String("tf-test-bucket-west-12345"),
    		})
    		if err != nil {
    			return err
    		}
    		westBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, "west", &s3.BucketVersioningV2Args{
    			Bucket: west.ID(),
    			VersioningConfiguration: &s3.BucketVersioningV2VersioningConfigurationArgs{
    				Status: pulumi.String("Enabled"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucketReplicationConfig(ctx, "east_to_west", &s3.BucketReplicationConfigArgs{
    			Role:   pulumi.Any(eastReplication.Arn),
    			Bucket: east.ID(),
    			Rules: s3.BucketReplicationConfigRuleArray{
    				&s3.BucketReplicationConfigRuleArgs{
    					Id: pulumi.String("foobar"),
    					Filter: &s3.BucketReplicationConfigRuleFilterArgs{
    						Prefix: pulumi.String("foo"),
    					},
    					Status: pulumi.String("Enabled"),
    					Destination: &s3.BucketReplicationConfigRuleDestinationArgs{
    						Bucket:       west.Arn,
    						StorageClass: pulumi.String("STANDARD"),
    					},
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			eastBucketVersioningV2,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = s3.NewBucketReplicationConfig(ctx, "west_to_east", &s3.BucketReplicationConfigArgs{
    			Role:   pulumi.Any(westReplication.Arn),
    			Bucket: west.ID(),
    			Rules: s3.BucketReplicationConfigRuleArray{
    				&s3.BucketReplicationConfigRuleArgs{
    					Id: pulumi.String("foobar"),
    					Filter: &s3.BucketReplicationConfigRuleFilterArgs{
    						Prefix: pulumi.String("foo"),
    					},
    					Status: pulumi.String("Enabled"),
    					Destination: &s3.BucketReplicationConfigRuleDestinationArgs{
    						Bucket:       east.Arn,
    						StorageClass: pulumi.String("STANDARD"),
    					},
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			westBucketVersioningV2,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        // ... other configuration ...
        var east = new Aws.S3.BucketV2("east", new()
        {
            Bucket = "tf-test-bucket-east-12345",
        });
    
        var eastBucketVersioningV2 = new Aws.S3.BucketVersioningV2("east", new()
        {
            Bucket = east.Id,
            VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs
            {
                Status = "Enabled",
            },
        });
    
        var west = new Aws.S3.BucketV2("west", new()
        {
            Bucket = "tf-test-bucket-west-12345",
        });
    
        var westBucketVersioningV2 = new Aws.S3.BucketVersioningV2("west", new()
        {
            Bucket = west.Id,
            VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs
            {
                Status = "Enabled",
            },
        });
    
        var eastToWest = new Aws.S3.BucketReplicationConfig("east_to_west", new()
        {
            Role = eastReplication.Arn,
            Bucket = east.Id,
            Rules = new[]
            {
                new Aws.S3.Inputs.BucketReplicationConfigRuleArgs
                {
                    Id = "foobar",
                    Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs
                    {
                        Prefix = "foo",
                    },
                    Status = "Enabled",
                    Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs
                    {
                        Bucket = west.Arn,
                        StorageClass = "STANDARD",
                    },
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                eastBucketVersioningV2,
            },
        });
    
        var westToEast = new Aws.S3.BucketReplicationConfig("west_to_east", new()
        {
            Role = westReplication.Arn,
            Bucket = west.Id,
            Rules = new[]
            {
                new Aws.S3.Inputs.BucketReplicationConfigRuleArgs
                {
                    Id = "foobar",
                    Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs
                    {
                        Prefix = "foo",
                    },
                    Status = "Enabled",
                    Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs
                    {
                        Bucket = east.Arn,
                        StorageClass = "STANDARD",
                    },
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                westBucketVersioningV2,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.aws.s3.BucketVersioningV2;
    import com.pulumi.aws.s3.BucketVersioningV2Args;
    import com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;
    import com.pulumi.aws.s3.BucketReplicationConfig;
    import com.pulumi.aws.s3.BucketReplicationConfigArgs;
    import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;
    import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;
    import com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // ... other configuration ...
            var east = new BucketV2("east", BucketV2Args.builder()
                .bucket("tf-test-bucket-east-12345")
                .build());
    
            var eastBucketVersioningV2 = new BucketVersioningV2("eastBucketVersioningV2", BucketVersioningV2Args.builder()
                .bucket(east.id())
                .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
                    .status("Enabled")
                    .build())
                .build());
    
            var west = new BucketV2("west", BucketV2Args.builder()
                .bucket("tf-test-bucket-west-12345")
                .build());
    
            var westBucketVersioningV2 = new BucketVersioningV2("westBucketVersioningV2", BucketVersioningV2Args.builder()
                .bucket(west.id())
                .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
                    .status("Enabled")
                    .build())
                .build());
    
            var eastToWest = new BucketReplicationConfig("eastToWest", BucketReplicationConfigArgs.builder()
                .role(eastReplication.arn())
                .bucket(east.id())
                .rules(BucketReplicationConfigRuleArgs.builder()
                    .id("foobar")
                    .filter(BucketReplicationConfigRuleFilterArgs.builder()
                        .prefix("foo")
                        .build())
                    .status("Enabled")
                    .destination(BucketReplicationConfigRuleDestinationArgs.builder()
                        .bucket(west.arn())
                        .storageClass("STANDARD")
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(eastBucketVersioningV2)
                    .build());
    
            var westToEast = new BucketReplicationConfig("westToEast", BucketReplicationConfigArgs.builder()
                .role(westReplication.arn())
                .bucket(west.id())
                .rules(BucketReplicationConfigRuleArgs.builder()
                    .id("foobar")
                    .filter(BucketReplicationConfigRuleFilterArgs.builder()
                        .prefix("foo")
                        .build())
                    .status("Enabled")
                    .destination(BucketReplicationConfigRuleDestinationArgs.builder()
                        .bucket(east.arn())
                        .storageClass("STANDARD")
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(westBucketVersioningV2)
                    .build());
    
        }
    }
    
    resources:
      # ... other configuration ...
      east:
        type: aws:s3:BucketV2
        properties:
          bucket: tf-test-bucket-east-12345
      eastBucketVersioningV2:
        type: aws:s3:BucketVersioningV2
        name: east
        properties:
          bucket: ${east.id}
          versioningConfiguration:
            status: Enabled
      west:
        type: aws:s3:BucketV2
        properties:
          bucket: tf-test-bucket-west-12345
      westBucketVersioningV2:
        type: aws:s3:BucketVersioningV2
        name: west
        properties:
          bucket: ${west.id}
          versioningConfiguration:
            status: Enabled
      eastToWest:
        type: aws:s3:BucketReplicationConfig
        name: east_to_west
        properties:
          role: ${eastReplication.arn}
          bucket: ${east.id}
          rules:
            - id: foobar
              filter:
                prefix: foo
              status: Enabled
              destination:
                bucket: ${west.arn}
                storageClass: STANDARD
        options:
          dependson:
            - ${eastBucketVersioningV2}
      westToEast:
        type: aws:s3:BucketReplicationConfig
        name: west_to_east
        properties:
          role: ${westReplication.arn}
          bucket: ${west.id}
          rules:
            - id: foobar
              filter:
                prefix: foo
              status: Enabled
              destination:
                bucket: ${east.arn}
                storageClass: STANDARD
        options:
          dependson:
            - ${westBucketVersioningV2}
    

    Create BucketReplicationConfig Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new BucketReplicationConfig(name: string, args: BucketReplicationConfigArgs, opts?: CustomResourceOptions);
    @overload
    def BucketReplicationConfig(resource_name: str,
                                args: BucketReplicationConfigArgs,
                                opts: Optional[ResourceOptions] = None)
    
    @overload
    def BucketReplicationConfig(resource_name: str,
                                opts: Optional[ResourceOptions] = None,
                                bucket: Optional[str] = None,
                                role: Optional[str] = None,
                                rules: Optional[Sequence[BucketReplicationConfigRuleArgs]] = None,
                                token: Optional[str] = None)
    func NewBucketReplicationConfig(ctx *Context, name string, args BucketReplicationConfigArgs, opts ...ResourceOption) (*BucketReplicationConfig, error)
    public BucketReplicationConfig(string name, BucketReplicationConfigArgs args, CustomResourceOptions? opts = null)
    public BucketReplicationConfig(String name, BucketReplicationConfigArgs args)
    public BucketReplicationConfig(String name, BucketReplicationConfigArgs args, CustomResourceOptions options)
    
    type: aws:s3:BucketReplicationConfig
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args BucketReplicationConfigArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args BucketReplicationConfigArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args BucketReplicationConfigArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args BucketReplicationConfigArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args BucketReplicationConfigArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var bucketReplicationConfigResource = new Aws.S3.BucketReplicationConfig("bucketReplicationConfigResource", new()
    {
        Bucket = "string",
        Role = "string",
        Rules = new[]
        {
            new Aws.S3.Inputs.BucketReplicationConfigRuleArgs
            {
                Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs
                {
                    Bucket = "string",
                    AccessControlTranslation = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationAccessControlTranslationArgs
                    {
                        Owner = "string",
                    },
                    Account = "string",
                    EncryptionConfiguration = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationEncryptionConfigurationArgs
                    {
                        ReplicaKmsKeyId = "string",
                    },
                    Metrics = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationMetricsArgs
                    {
                        Status = "string",
                        EventThreshold = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationMetricsEventThresholdArgs
                        {
                            Minutes = 0,
                        },
                    },
                    ReplicationTime = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationReplicationTimeArgs
                    {
                        Status = "string",
                        Time = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationReplicationTimeTimeArgs
                        {
                            Minutes = 0,
                        },
                    },
                    StorageClass = "string",
                },
                Status = "string",
                DeleteMarkerReplication = new Aws.S3.Inputs.BucketReplicationConfigRuleDeleteMarkerReplicationArgs
                {
                    Status = "string",
                },
                ExistingObjectReplication = new Aws.S3.Inputs.BucketReplicationConfigRuleExistingObjectReplicationArgs
                {
                    Status = "string",
                },
                Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs
                {
                    And = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterAndArgs
                    {
                        Prefix = "string",
                        Tags = 
                        {
                            { "string", "string" },
                        },
                    },
                    Prefix = "string",
                    Tag = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterTagArgs
                    {
                        Key = "string",
                        Value = "string",
                    },
                },
                Id = "string",
                Priority = 0,
                SourceSelectionCriteria = new Aws.S3.Inputs.BucketReplicationConfigRuleSourceSelectionCriteriaArgs
                {
                    ReplicaModifications = new Aws.S3.Inputs.BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModificationsArgs
                    {
                        Status = "string",
                    },
                    SseKmsEncryptedObjects = new Aws.S3.Inputs.BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs
                    {
                        Status = "string",
                    },
                },
            },
        },
        Token = "string",
    });
    
    example, err := s3.NewBucketReplicationConfig(ctx, "bucketReplicationConfigResource", &s3.BucketReplicationConfigArgs{
    	Bucket: pulumi.String("string"),
    	Role:   pulumi.String("string"),
    	Rules: s3.BucketReplicationConfigRuleArray{
    		&s3.BucketReplicationConfigRuleArgs{
    			Destination: &s3.BucketReplicationConfigRuleDestinationArgs{
    				Bucket: pulumi.String("string"),
    				AccessControlTranslation: &s3.BucketReplicationConfigRuleDestinationAccessControlTranslationArgs{
    					Owner: pulumi.String("string"),
    				},
    				Account: pulumi.String("string"),
    				EncryptionConfiguration: &s3.BucketReplicationConfigRuleDestinationEncryptionConfigurationArgs{
    					ReplicaKmsKeyId: pulumi.String("string"),
    				},
    				Metrics: &s3.BucketReplicationConfigRuleDestinationMetricsArgs{
    					Status: pulumi.String("string"),
    					EventThreshold: &s3.BucketReplicationConfigRuleDestinationMetricsEventThresholdArgs{
    						Minutes: pulumi.Int(0),
    					},
    				},
    				ReplicationTime: &s3.BucketReplicationConfigRuleDestinationReplicationTimeArgs{
    					Status: pulumi.String("string"),
    					Time: &s3.BucketReplicationConfigRuleDestinationReplicationTimeTimeArgs{
    						Minutes: pulumi.Int(0),
    					},
    				},
    				StorageClass: pulumi.String("string"),
    			},
    			Status: pulumi.String("string"),
    			DeleteMarkerReplication: &s3.BucketReplicationConfigRuleDeleteMarkerReplicationArgs{
    				Status: pulumi.String("string"),
    			},
    			ExistingObjectReplication: &s3.BucketReplicationConfigRuleExistingObjectReplicationArgs{
    				Status: pulumi.String("string"),
    			},
    			Filter: &s3.BucketReplicationConfigRuleFilterArgs{
    				And: &s3.BucketReplicationConfigRuleFilterAndArgs{
    					Prefix: pulumi.String("string"),
    					Tags: pulumi.StringMap{
    						"string": pulumi.String("string"),
    					},
    				},
    				Prefix: pulumi.String("string"),
    				Tag: &s3.BucketReplicationConfigRuleFilterTagArgs{
    					Key:   pulumi.String("string"),
    					Value: pulumi.String("string"),
    				},
    			},
    			Id:       pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			SourceSelectionCriteria: &s3.BucketReplicationConfigRuleSourceSelectionCriteriaArgs{
    				ReplicaModifications: &s3.BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModificationsArgs{
    					Status: pulumi.String("string"),
    				},
    				SseKmsEncryptedObjects: &s3.BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs{
    					Status: pulumi.String("string"),
    				},
    			},
    		},
    	},
    	Token: pulumi.String("string"),
    })
    
    var bucketReplicationConfigResource = new BucketReplicationConfig("bucketReplicationConfigResource", BucketReplicationConfigArgs.builder()
        .bucket("string")
        .role("string")
        .rules(BucketReplicationConfigRuleArgs.builder()
            .destination(BucketReplicationConfigRuleDestinationArgs.builder()
                .bucket("string")
                .accessControlTranslation(BucketReplicationConfigRuleDestinationAccessControlTranslationArgs.builder()
                    .owner("string")
                    .build())
                .account("string")
                .encryptionConfiguration(BucketReplicationConfigRuleDestinationEncryptionConfigurationArgs.builder()
                    .replicaKmsKeyId("string")
                    .build())
                .metrics(BucketReplicationConfigRuleDestinationMetricsArgs.builder()
                    .status("string")
                    .eventThreshold(BucketReplicationConfigRuleDestinationMetricsEventThresholdArgs.builder()
                        .minutes(0)
                        .build())
                    .build())
                .replicationTime(BucketReplicationConfigRuleDestinationReplicationTimeArgs.builder()
                    .status("string")
                    .time(BucketReplicationConfigRuleDestinationReplicationTimeTimeArgs.builder()
                        .minutes(0)
                        .build())
                    .build())
                .storageClass("string")
                .build())
            .status("string")
            .deleteMarkerReplication(BucketReplicationConfigRuleDeleteMarkerReplicationArgs.builder()
                .status("string")
                .build())
            .existingObjectReplication(BucketReplicationConfigRuleExistingObjectReplicationArgs.builder()
                .status("string")
                .build())
            .filter(BucketReplicationConfigRuleFilterArgs.builder()
                .and(BucketReplicationConfigRuleFilterAndArgs.builder()
                    .prefix("string")
                    .tags(Map.of("string", "string"))
                    .build())
                .prefix("string")
                .tag(BucketReplicationConfigRuleFilterTagArgs.builder()
                    .key("string")
                    .value("string")
                    .build())
                .build())
            .id("string")
            .priority(0)
            .sourceSelectionCriteria(BucketReplicationConfigRuleSourceSelectionCriteriaArgs.builder()
                .replicaModifications(BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModificationsArgs.builder()
                    .status("string")
                    .build())
                .sseKmsEncryptedObjects(BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs.builder()
                    .status("string")
                    .build())
                .build())
            .build())
        .token("string")
        .build());
    
    bucket_replication_config_resource = aws.s3.BucketReplicationConfig("bucketReplicationConfigResource",
        bucket="string",
        role="string",
        rules=[{
            "destination": {
                "bucket": "string",
                "access_control_translation": {
                    "owner": "string",
                },
                "account": "string",
                "encryption_configuration": {
                    "replica_kms_key_id": "string",
                },
                "metrics": {
                    "status": "string",
                    "event_threshold": {
                        "minutes": 0,
                    },
                },
                "replication_time": {
                    "status": "string",
                    "time": {
                        "minutes": 0,
                    },
                },
                "storage_class": "string",
            },
            "status": "string",
            "delete_marker_replication": {
                "status": "string",
            },
            "existing_object_replication": {
                "status": "string",
            },
            "filter": {
                "and_": {
                    "prefix": "string",
                    "tags": {
                        "string": "string",
                    },
                },
                "prefix": "string",
                "tag": {
                    "key": "string",
                    "value": "string",
                },
            },
            "id": "string",
            "priority": 0,
            "source_selection_criteria": {
                "replica_modifications": {
                    "status": "string",
                },
                "sse_kms_encrypted_objects": {
                    "status": "string",
                },
            },
        }],
        token="string")
    
    const bucketReplicationConfigResource = new aws.s3.BucketReplicationConfig("bucketReplicationConfigResource", {
        bucket: "string",
        role: "string",
        rules: [{
            destination: {
                bucket: "string",
                accessControlTranslation: {
                    owner: "string",
                },
                account: "string",
                encryptionConfiguration: {
                    replicaKmsKeyId: "string",
                },
                metrics: {
                    status: "string",
                    eventThreshold: {
                        minutes: 0,
                    },
                },
                replicationTime: {
                    status: "string",
                    time: {
                        minutes: 0,
                    },
                },
                storageClass: "string",
            },
            status: "string",
            deleteMarkerReplication: {
                status: "string",
            },
            existingObjectReplication: {
                status: "string",
            },
            filter: {
                and: {
                    prefix: "string",
                    tags: {
                        string: "string",
                    },
                },
                prefix: "string",
                tag: {
                    key: "string",
                    value: "string",
                },
            },
            id: "string",
            priority: 0,
            sourceSelectionCriteria: {
                replicaModifications: {
                    status: "string",
                },
                sseKmsEncryptedObjects: {
                    status: "string",
                },
            },
        }],
        token: "string",
    });
    
    type: aws:s3:BucketReplicationConfig
    properties:
        bucket: string
        role: string
        rules:
            - deleteMarkerReplication:
                status: string
              destination:
                accessControlTranslation:
                    owner: string
                account: string
                bucket: string
                encryptionConfiguration:
                    replicaKmsKeyId: string
                metrics:
                    eventThreshold:
                        minutes: 0
                    status: string
                replicationTime:
                    status: string
                    time:
                        minutes: 0
                storageClass: string
              existingObjectReplication:
                status: string
              filter:
                and:
                    prefix: string
                    tags:
                        string: string
                prefix: string
                tag:
                    key: string
                    value: string
              id: string
              priority: 0
              sourceSelectionCriteria:
                replicaModifications:
                    status: string
                sseKmsEncryptedObjects:
                    status: string
              status: string
        token: string
    

    BucketReplicationConfig Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The BucketReplicationConfig resource accepts the following input properties:

    Bucket string
    Name of the source S3 bucket you want Amazon S3 to monitor.
    Role string
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    Rules List<BucketReplicationConfigRule>
    List of configuration blocks describing the rules managing the replication. See below.
    Token string
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    Bucket string
    Name of the source S3 bucket you want Amazon S3 to monitor.
    Role string
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    Rules []BucketReplicationConfigRuleArgs
    List of configuration blocks describing the rules managing the replication. See below.
    Token string
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket String
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role String
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules List<BucketReplicationConfigRule>
    List of configuration blocks describing the rules managing the replication. See below.
    token String
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket string
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role string
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules BucketReplicationConfigRule[]
    List of configuration blocks describing the rules managing the replication. See below.
    token string
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket str
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role str
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules Sequence[BucketReplicationConfigRuleArgs]
    List of configuration blocks describing the rules managing the replication. See below.
    token str
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket String
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role String
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules List<Property Map>
    List of configuration blocks describing the rules managing the replication. See below.
    token String
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the BucketReplicationConfig resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing BucketReplicationConfig Resource

    Get an existing BucketReplicationConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: BucketReplicationConfigState, opts?: CustomResourceOptions): BucketReplicationConfig
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            bucket: Optional[str] = None,
            role: Optional[str] = None,
            rules: Optional[Sequence[BucketReplicationConfigRuleArgs]] = None,
            token: Optional[str] = None) -> BucketReplicationConfig
    func GetBucketReplicationConfig(ctx *Context, name string, id IDInput, state *BucketReplicationConfigState, opts ...ResourceOption) (*BucketReplicationConfig, error)
    public static BucketReplicationConfig Get(string name, Input<string> id, BucketReplicationConfigState? state, CustomResourceOptions? opts = null)
    public static BucketReplicationConfig get(String name, Output<String> id, BucketReplicationConfigState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Bucket string
    Name of the source S3 bucket you want Amazon S3 to monitor.
    Role string
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    Rules List<BucketReplicationConfigRule>
    List of configuration blocks describing the rules managing the replication. See below.
    Token string
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    Bucket string
    Name of the source S3 bucket you want Amazon S3 to monitor.
    Role string
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    Rules []BucketReplicationConfigRuleArgs
    List of configuration blocks describing the rules managing the replication. See below.
    Token string
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket String
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role String
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules List<BucketReplicationConfigRule>
    List of configuration blocks describing the rules managing the replication. See below.
    token String
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket string
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role string
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules BucketReplicationConfigRule[]
    List of configuration blocks describing the rules managing the replication. See below.
    token string
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket str
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role str
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules Sequence[BucketReplicationConfigRuleArgs]
    List of configuration blocks describing the rules managing the replication. See below.
    token str
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.
    bucket String
    Name of the source S3 bucket you want Amazon S3 to monitor.
    role String
    ARN of the IAM role for Amazon S3 to assume when replicating the objects.
    rules List<Property Map>
    List of configuration blocks describing the rules managing the replication. See below.
    token String
    Token to allow replication to be enabled on an Object Lock-enabled bucket. You must contact AWS support for the bucket's "Object Lock token". For more details, see Using S3 Object Lock with replication.

    Supporting Types

    BucketReplicationConfigRule, BucketReplicationConfigRuleArgs

    Destination BucketReplicationConfigRuleDestination
    Specifies the destination for the rule. See below.
    Status string
    Status of the rule. Either "Enabled" or "Disabled". The rule is ignored if status is not "Enabled".
    DeleteMarkerReplication BucketReplicationConfigRuleDeleteMarkerReplication
    Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when filter is used)documented below.
    ExistingObjectReplication BucketReplicationConfigRuleExistingObjectReplication
    Replicate existing objects in the source bucket according to the rule configurations. See below.
    Filter BucketReplicationConfigRuleFilter
    Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the rule will default to using prefix.
    Id string
    Unique identifier for the rule. Must be less than or equal to 255 characters in length.
    Prefix string
    Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string ("") if filter is not specified.

    Deprecated: Use filter instead

    Priority int
    Priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.
    SourceSelectionCriteria BucketReplicationConfigRuleSourceSelectionCriteria
    Specifies special object selection criteria. See below.
    Destination BucketReplicationConfigRuleDestination
    Specifies the destination for the rule. See below.
    Status string
    Status of the rule. Either "Enabled" or "Disabled". The rule is ignored if status is not "Enabled".
    DeleteMarkerReplication BucketReplicationConfigRuleDeleteMarkerReplication
    Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when filter is used)documented below.
    ExistingObjectReplication BucketReplicationConfigRuleExistingObjectReplication
    Replicate existing objects in the source bucket according to the rule configurations. See below.
    Filter BucketReplicationConfigRuleFilter
    Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the rule will default to using prefix.
    Id string
    Unique identifier for the rule. Must be less than or equal to 255 characters in length.
    Prefix string
    Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string ("") if filter is not specified.

    Deprecated: Use filter instead

    Priority int
    Priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.
    SourceSelectionCriteria BucketReplicationConfigRuleSourceSelectionCriteria
    Specifies special object selection criteria. See below.
    destination BucketReplicationConfigRuleDestination
    Specifies the destination for the rule. See below.
    status String
    Status of the rule. Either "Enabled" or "Disabled". The rule is ignored if status is not "Enabled".
    deleteMarkerReplication BucketReplicationConfigRuleDeleteMarkerReplication
    Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when filter is used)documented below.
    existingObjectReplication BucketReplicationConfigRuleExistingObjectReplication
    Replicate existing objects in the source bucket according to the rule configurations. See below.
    filter BucketReplicationConfigRuleFilter
    Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the rule will default to using prefix.
    id String
    Unique identifier for the rule. Must be less than or equal to 255 characters in length.
    prefix String
    Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string ("") if filter is not specified.

    Deprecated: Use filter instead

    priority Integer
    Priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.
    sourceSelectionCriteria BucketReplicationConfigRuleSourceSelectionCriteria
    Specifies special object selection criteria. See below.
    destination BucketReplicationConfigRuleDestination
    Specifies the destination for the rule. See below.
    status string
    Status of the rule. Either "Enabled" or "Disabled". The rule is ignored if status is not "Enabled".
    deleteMarkerReplication BucketReplicationConfigRuleDeleteMarkerReplication
    Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when filter is used)documented below.
    existingObjectReplication BucketReplicationConfigRuleExistingObjectReplication
    Replicate existing objects in the source bucket according to the rule configurations. See below.
    filter BucketReplicationConfigRuleFilter
    Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the rule will default to using prefix.
    id string
    Unique identifier for the rule. Must be less than or equal to 255 characters in length.
    prefix string
    Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string ("") if filter is not specified.

    Deprecated: Use filter instead

    priority number
    Priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.
    sourceSelectionCriteria BucketReplicationConfigRuleSourceSelectionCriteria
    Specifies special object selection criteria. See below.
    destination BucketReplicationConfigRuleDestination
    Specifies the destination for the rule. See below.
    status str
    Status of the rule. Either "Enabled" or "Disabled". The rule is ignored if status is not "Enabled".
    delete_marker_replication BucketReplicationConfigRuleDeleteMarkerReplication
    Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when filter is used)documented below.
    existing_object_replication BucketReplicationConfigRuleExistingObjectReplication
    Replicate existing objects in the source bucket according to the rule configurations. See below.
    filter BucketReplicationConfigRuleFilter
    Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the rule will default to using prefix.
    id str
    Unique identifier for the rule. Must be less than or equal to 255 characters in length.
    prefix str
    Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string ("") if filter is not specified.

    Deprecated: Use filter instead

    priority int
    Priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.
    source_selection_criteria BucketReplicationConfigRuleSourceSelectionCriteria
    Specifies special object selection criteria. See below.
    destination Property Map
    Specifies the destination for the rule. See below.
    status String
    Status of the rule. Either "Enabled" or "Disabled". The rule is ignored if status is not "Enabled".
    deleteMarkerReplication Property Map
    Whether delete markers are replicated. This argument is only valid with V2 replication configurations (i.e., when filter is used)documented below.
    existingObjectReplication Property Map
    Replicate existing objects in the source bucket according to the rule configurations. See below.
    filter Property Map
    Filter that identifies subset of objects to which the replication rule applies. See below. If not specified, the rule will default to using prefix.
    id String
    Unique identifier for the rule. Must be less than or equal to 255 characters in length.
    prefix String
    Object key name prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length. Defaults to an empty string ("") if filter is not specified.

    Deprecated: Use filter instead

    priority Number
    Priority associated with the rule. Priority should only be set if filter is configured. If not provided, defaults to 0. Priority must be unique between multiple rules.
    sourceSelectionCriteria Property Map
    Specifies special object selection criteria. See below.

    BucketReplicationConfigRuleDeleteMarkerReplication, BucketReplicationConfigRuleDeleteMarkerReplicationArgs

    Status string
    Whether delete markers should be replicated. Either "Enabled" or "Disabled".
    Status string
    Whether delete markers should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether delete markers should be replicated. Either "Enabled" or "Disabled".
    status string
    Whether delete markers should be replicated. Either "Enabled" or "Disabled".
    status str
    Whether delete markers should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether delete markers should be replicated. Either "Enabled" or "Disabled".

    BucketReplicationConfigRuleDestination, BucketReplicationConfigRuleDestinationArgs

    Bucket string
    ARN of the bucket where you want Amazon S3 to store the results.
    AccessControlTranslation BucketReplicationConfigRuleDestinationAccessControlTranslation
    Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with account owner override configuration.
    Account string
    Account ID to specify the replica ownership. Must be used in conjunction with access_control_translation override configuration.
    EncryptionConfiguration BucketReplicationConfigRuleDestinationEncryptionConfiguration
    Configuration block that provides information about encryption. See below. If source_selection_criteria is specified, you must specify this element.
    Metrics BucketReplicationConfigRuleDestinationMetrics
    Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below.
    ReplicationTime BucketReplicationConfigRuleDestinationReplicationTime
    Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with metrics.
    StorageClass string
    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
    Bucket string
    ARN of the bucket where you want Amazon S3 to store the results.
    AccessControlTranslation BucketReplicationConfigRuleDestinationAccessControlTranslation
    Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with account owner override configuration.
    Account string
    Account ID to specify the replica ownership. Must be used in conjunction with access_control_translation override configuration.
    EncryptionConfiguration BucketReplicationConfigRuleDestinationEncryptionConfiguration
    Configuration block that provides information about encryption. See below. If source_selection_criteria is specified, you must specify this element.
    Metrics BucketReplicationConfigRuleDestinationMetrics
    Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below.
    ReplicationTime BucketReplicationConfigRuleDestinationReplicationTime
    Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with metrics.
    StorageClass string
    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
    bucket String
    ARN of the bucket where you want Amazon S3 to store the results.
    accessControlTranslation BucketReplicationConfigRuleDestinationAccessControlTranslation
    Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with account owner override configuration.
    account String
    Account ID to specify the replica ownership. Must be used in conjunction with access_control_translation override configuration.
    encryptionConfiguration BucketReplicationConfigRuleDestinationEncryptionConfiguration
    Configuration block that provides information about encryption. See below. If source_selection_criteria is specified, you must specify this element.
    metrics BucketReplicationConfigRuleDestinationMetrics
    Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below.
    replicationTime BucketReplicationConfigRuleDestinationReplicationTime
    Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with metrics.
    storageClass String
    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
    bucket string
    ARN of the bucket where you want Amazon S3 to store the results.
    accessControlTranslation BucketReplicationConfigRuleDestinationAccessControlTranslation
    Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with account owner override configuration.
    account string
    Account ID to specify the replica ownership. Must be used in conjunction with access_control_translation override configuration.
    encryptionConfiguration BucketReplicationConfigRuleDestinationEncryptionConfiguration
    Configuration block that provides information about encryption. See below. If source_selection_criteria is specified, you must specify this element.
    metrics BucketReplicationConfigRuleDestinationMetrics
    Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below.
    replicationTime BucketReplicationConfigRuleDestinationReplicationTime
    Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with metrics.
    storageClass string
    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
    bucket str
    ARN of the bucket where you want Amazon S3 to store the results.
    access_control_translation BucketReplicationConfigRuleDestinationAccessControlTranslation
    Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with account owner override configuration.
    account str
    Account ID to specify the replica ownership. Must be used in conjunction with access_control_translation override configuration.
    encryption_configuration BucketReplicationConfigRuleDestinationEncryptionConfiguration
    Configuration block that provides information about encryption. See below. If source_selection_criteria is specified, you must specify this element.
    metrics BucketReplicationConfigRuleDestinationMetrics
    Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below.
    replication_time BucketReplicationConfigRuleDestinationReplicationTime
    Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with metrics.
    storage_class str
    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.
    bucket String
    ARN of the bucket where you want Amazon S3 to store the results.
    accessControlTranslation Property Map
    Configuration block that specifies the overrides to use for object owners on replication. See below. Specify this only in a cross-account scenario (where source and destination bucket owners are not the same), and you want to change replica ownership to the AWS account that owns the destination bucket. If this is not specified in the replication configuration, the replicas are owned by same AWS account that owns the source object. Must be used in conjunction with account owner override configuration.
    account String
    Account ID to specify the replica ownership. Must be used in conjunction with access_control_translation override configuration.
    encryptionConfiguration Property Map
    Configuration block that provides information about encryption. See below. If source_selection_criteria is specified, you must specify this element.
    metrics Property Map
    Configuration block that specifies replication metrics-related settings enabling replication metrics and events. See below.
    replicationTime Property Map
    Configuration block that specifies S3 Replication Time Control (S3 RTC), including whether S3 RTC is enabled and the time when all objects and operations on objects must be replicated. See below. Replication Time Control must be used in conjunction with metrics.
    storageClass String
    The storage class used to store the object. By default, Amazon S3 uses the storage class of the source object to create the object replica.

    BucketReplicationConfigRuleDestinationAccessControlTranslation, BucketReplicationConfigRuleDestinationAccessControlTranslationArgs

    Owner string
    Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference. Valid values: Destination.
    Owner string
    Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference. Valid values: Destination.
    owner String
    Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference. Valid values: Destination.
    owner string
    Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference. Valid values: Destination.
    owner str
    Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference. Valid values: Destination.
    owner String
    Specifies the replica ownership. For default and valid values, see PUT bucket replication in the Amazon S3 API Reference. Valid values: Destination.

    BucketReplicationConfigRuleDestinationEncryptionConfiguration, BucketReplicationConfigRuleDestinationEncryptionConfigurationArgs

    ReplicaKmsKeyId string
    ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket.
    ReplicaKmsKeyId string
    ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket.
    replicaKmsKeyId String
    ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket.
    replicaKmsKeyId string
    ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket.
    replica_kms_key_id str
    ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket.
    replicaKmsKeyId String
    ID (Key ARN or Alias ARN) of the customer managed AWS KMS key stored in AWS Key Management Service (KMS) for the destination bucket.

    BucketReplicationConfigRuleDestinationMetrics, BucketReplicationConfigRuleDestinationMetricsArgs

    Status string
    Status of the Destination Metrics. Either "Enabled" or "Disabled".
    EventThreshold BucketReplicationConfigRuleDestinationMetricsEventThreshold
    Configuration block that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event. See below.
    Status string
    Status of the Destination Metrics. Either "Enabled" or "Disabled".
    EventThreshold BucketReplicationConfigRuleDestinationMetricsEventThreshold
    Configuration block that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event. See below.
    status String
    Status of the Destination Metrics. Either "Enabled" or "Disabled".
    eventThreshold BucketReplicationConfigRuleDestinationMetricsEventThreshold
    Configuration block that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event. See below.
    status string
    Status of the Destination Metrics. Either "Enabled" or "Disabled".
    eventThreshold BucketReplicationConfigRuleDestinationMetricsEventThreshold
    Configuration block that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event. See below.
    status str
    Status of the Destination Metrics. Either "Enabled" or "Disabled".
    event_threshold BucketReplicationConfigRuleDestinationMetricsEventThreshold
    Configuration block that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event. See below.
    status String
    Status of the Destination Metrics. Either "Enabled" or "Disabled".
    eventThreshold Property Map
    Configuration block that specifies the time threshold for emitting the s3:Replication:OperationMissedThreshold event. See below.

    BucketReplicationConfigRuleDestinationMetricsEventThreshold, BucketReplicationConfigRuleDestinationMetricsEventThresholdArgs

    Minutes int
    Time in minutes. Valid values: 15.
    Minutes int
    Time in minutes. Valid values: 15.
    minutes Integer
    Time in minutes. Valid values: 15.
    minutes number
    Time in minutes. Valid values: 15.
    minutes int
    Time in minutes. Valid values: 15.
    minutes Number
    Time in minutes. Valid values: 15.

    BucketReplicationConfigRuleDestinationReplicationTime, BucketReplicationConfigRuleDestinationReplicationTimeArgs

    Status string
    Status of the Replication Time Control. Either "Enabled" or "Disabled".
    Time BucketReplicationConfigRuleDestinationReplicationTimeTime
    Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below.
    Status string
    Status of the Replication Time Control. Either "Enabled" or "Disabled".
    Time BucketReplicationConfigRuleDestinationReplicationTimeTime
    Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below.
    status String
    Status of the Replication Time Control. Either "Enabled" or "Disabled".
    time BucketReplicationConfigRuleDestinationReplicationTimeTime
    Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below.
    status string
    Status of the Replication Time Control. Either "Enabled" or "Disabled".
    time BucketReplicationConfigRuleDestinationReplicationTimeTime
    Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below.
    status str
    Status of the Replication Time Control. Either "Enabled" or "Disabled".
    time BucketReplicationConfigRuleDestinationReplicationTimeTime
    Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below.
    status String
    Status of the Replication Time Control. Either "Enabled" or "Disabled".
    time Property Map
    Configuration block specifying the time by which replication should be complete for all objects and operations on objects. See below.

    BucketReplicationConfigRuleDestinationReplicationTimeTime, BucketReplicationConfigRuleDestinationReplicationTimeTimeArgs

    Minutes int
    Time in minutes. Valid values: 15.
    Minutes int
    Time in minutes. Valid values: 15.
    minutes Integer
    Time in minutes. Valid values: 15.
    minutes number
    Time in minutes. Valid values: 15.
    minutes int
    Time in minutes. Valid values: 15.
    minutes Number
    Time in minutes. Valid values: 15.

    BucketReplicationConfigRuleExistingObjectReplication, BucketReplicationConfigRuleExistingObjectReplicationArgs

    Status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    Status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status str
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".

    BucketReplicationConfigRuleFilter, BucketReplicationConfigRuleFilterArgs

    And BucketReplicationConfigRuleFilterAnd
    Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details.
    Prefix string
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    Tag BucketReplicationConfigRuleFilterTag
    Configuration block for specifying a tag key and value. See below.
    And BucketReplicationConfigRuleFilterAnd
    Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details.
    Prefix string
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    Tag BucketReplicationConfigRuleFilterTag
    Configuration block for specifying a tag key and value. See below.
    and BucketReplicationConfigRuleFilterAnd
    Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details.
    prefix String
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tag BucketReplicationConfigRuleFilterTag
    Configuration block for specifying a tag key and value. See below.
    and BucketReplicationConfigRuleFilterAnd
    Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details.
    prefix string
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tag BucketReplicationConfigRuleFilterTag
    Configuration block for specifying a tag key and value. See below.
    and_ BucketReplicationConfigRuleFilterAnd
    Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details.
    prefix str
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tag BucketReplicationConfigRuleFilterTag
    Configuration block for specifying a tag key and value. See below.
    and Property Map
    Configuration block for specifying rule filters. This element is required only if you specify more than one filter. See and below for more details.
    prefix String
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tag Property Map
    Configuration block for specifying a tag key and value. See below.

    BucketReplicationConfigRuleFilterAnd, BucketReplicationConfigRuleFilterAndArgs

    Prefix string
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    Tags Dictionary<string, string>
    Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
    Prefix string
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    Tags map[string]string
    Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
    prefix String
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tags Map<String,String>
    Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
    prefix string
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tags {[key: string]: string}
    Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
    prefix str
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tags Mapping[str, str]
    Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.
    prefix String
    Object key name prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.
    tags Map<String>
    Map of tags (key and value pairs) that identifies a subset of objects to which the rule applies. The rule applies only to objects having all the tags in its tagset.

    BucketReplicationConfigRuleFilterTag, BucketReplicationConfigRuleFilterTagArgs

    Key string
    Name of the object key.
    Value string
    Value of the tag.
    Key string
    Name of the object key.
    Value string
    Value of the tag.
    key String
    Name of the object key.
    value String
    Value of the tag.
    key string
    Name of the object key.
    value string
    Value of the tag.
    key str
    Name of the object key.
    value str
    Value of the tag.
    key String
    Name of the object key.
    value String
    Value of the tag.

    BucketReplicationConfigRuleSourceSelectionCriteria, BucketReplicationConfigRuleSourceSelectionCriteriaArgs

    ReplicaModifications BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications
    Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas.
    SseKmsEncryptedObjects BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects
    Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, replica_kms_key_id in destination encryption_configuration must be specified as well.
    ReplicaModifications BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications
    Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas.
    SseKmsEncryptedObjects BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects
    Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, replica_kms_key_id in destination encryption_configuration must be specified as well.
    replicaModifications BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications
    Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas.
    sseKmsEncryptedObjects BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects
    Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, replica_kms_key_id in destination encryption_configuration must be specified as well.
    replicaModifications BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications
    Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas.
    sseKmsEncryptedObjects BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects
    Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, replica_kms_key_id in destination encryption_configuration must be specified as well.
    replica_modifications BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications
    Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas.
    sse_kms_encrypted_objects BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects
    Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, replica_kms_key_id in destination encryption_configuration must be specified as well.
    replicaModifications Property Map
    Configuration block that you can specify for selections for modifications on replicas. Amazon S3 doesn't replicate replica modifications by default. In the latest version of replication configuration (when filter is specified), you can specify this element and set the status to Enabled to replicate modifications on replicas.
    sseKmsEncryptedObjects Property Map
    Configuration block for filter information for the selection of Amazon S3 objects encrypted with AWS KMS. If specified, replica_kms_key_id in destination encryption_configuration must be specified as well.

    BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModifications, BucketReplicationConfigRuleSourceSelectionCriteriaReplicaModificationsArgs

    Status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    Status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status str
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".

    BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjects, BucketReplicationConfigRuleSourceSelectionCriteriaSseKmsEncryptedObjectsArgs

    Status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    Status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status string
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status str
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".
    status String
    Whether the existing objects should be replicated. Either "Enabled" or "Disabled".

    Import

    Using pulumi import, import S3 bucket replication configuration using the bucket. For example:

    $ pulumi import aws:s3/bucketReplicationConfig:BucketReplicationConfig replication bucket-name
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi