Hi guys, today we will learn how to set up cross-region replication (CRR) on AWS using Terraform.
Cross-region replication is one of the many features AWS provides: it replicates S3 objects into an S3 bucket in another AWS region, for reduced latency, security, disaster recovery, etc.
You can also set it up from the AWS console, but here we will use an IaC tool, Terraform. In many production scenarios you will only be working through an IaC tool.
Steps to perform CRR:
Create main.tf, variables.tf and terraform.tfvars inside an empty directory.
Inside variables.tf, create the variables "source_bucket_name", "stage", "project", "product", "description", "managedBy", "tags", "public", "force_destroy", "versioned", "lifecycle_enabled", "iam_role_name" and "destination_bucket_name". Please visit https://github.com/akipriyadarshi/terra_aws_crr_srr_lambda_trigger/blob/master/myown_crr/variables.tf for more details.
variable "source_bucket_name" {
  type        = string
  description = "Source Bucket Name"
}

variable "stage" {
  type        = string
  description = "Deployment stage/environment name"
}

variable "project" {
  type        = string
  description = "Project Name"
  default     = "Bucket Replication Project"
}

variable "product" {
  type        = string
  description = "Product Domain"
  default     = "DEMO"
}

variable "description" {
  type        = string
  description = "The description of this S3 bucket"
  default     = "S3 Bucket to hold your Data"
}

variable "managedBy" {
  description = "Managed By automation tool name"
  default     = "Terraform"
}

variable "tags" {
  description = "A map of tags to add to all resources"
  default     = {}
}

variable "public" {
  description = "Allow public read access to bucket"
  default     = "private"
}

variable "force_destroy" {
  description = "Delete all objects in bucket on destroy"
  default     = true
}

variable "versioned" {
  description = "Version the bucket"
  default     = true
}

variable "lifecycle_enabled" {
  description = "Is Lifecycle enabled?"
  default     = false
}

variable "iam_role_name" {
  type        = string
  description = "IAM Role name for replication"
}

variable "destination_bucket_name" {
  type        = string
  description = "Destination bucket name"
}
Now, inside terraform.tfvars, provide values for the variables stage, iam_role_name, source_bucket_name and destination_bucket_name. Visit https://github.com/akipriyadarshi/terra_aws_crr_srr_lambda_trigger/blob/master/myown_crr/terraform.tfvars for more details.
stage = "dev"
iam_role_name = "demo-bucket-replication"
source_bucket_name = "demotf-source-bucket-aki-crr"
destination_bucket_name = "demotf-destination-bucket-aki-crr"
Now we have to write main.tf.
Write the provider details for the source and destination S3 buckets. See https://github.com/akipriyadarshi/terra_aws_crr_srr_lambda_trigger/blob/master/myown_crr/main.tf for a sample.
# Destination
provider "aws" {
  region = "us-east-1"
}

# Source
provider "aws" {
  alias  = "central"
  region = "us-west-2"
}
Create an aws_s3_bucket resource for the destination bucket. Provide tags, versioning info, ACL, etc.
Create an aws_s3_bucket_policy resource. Provide the destination bucket id and its policy.
Create an aws_iam_policy resource and provide its name, description and policy.
Create the aws_iam_role and aws_iam_role_policy_attachment resources.
Now create an aws_s3_bucket resource for the source bucket. Provide the replication configuration inside this block.
For each of the points above, see https://github.com/akipriyadarshi/terra_aws_crr_srr_lambda_trigger/blob/master/myown_crr/main.tf.
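The IAM and source-bucket steps above could look like the following. This is an added example, not the code from the linked repository: it assumes AWS provider v3.x (where replication is configured inline on aws_s3_bucket) and a versioned aws_s3_bucket.destination declared on the default provider, and the resource labels, policy name suffix and rule id are assumptions.

```hcl
# Added example, not taken from the linked repository. Assumes AWS provider v3.x and a
# versioned aws_s3_bucket.destination declared elsewhere; labels and rule id are assumptions.
resource "aws_iam_role" "replication" {
  name = var.iam_role_name
  # Trust policy: only the S3 service may assume this role.
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "s3.amazonaws.com" } }]
  })
}

resource "aws_iam_policy" "replication" {
  name        = "${var.iam_role_name}-policy"
  description = "Least-privilege permissions for S3 replication"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      # Read the replication configuration and list the source bucket.
      { Effect = "Allow", Action = ["s3:GetReplicationConfiguration", "s3:ListBucket"], Resource = "arn:aws:s3:::${var.source_bucket_name}" },
      # Read object versions, ACLs and tags from the source bucket only.
      { Effect = "Allow", Action = ["s3:GetObjectVersionForReplication", "s3:GetObjectVersionAcl", "s3:GetObjectVersionTagging"], Resource = "arn:aws:s3:::${var.source_bucket_name}/*" },
      # Write replicas to the destination bucket only.
      { Effect = "Allow", Action = ["s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags"], Resource = "arn:aws:s3:::${var.destination_bucket_name}/*" },
    ]
  })
}

resource "aws_iam_role_policy_attachment" "replication" {
  role       = aws_iam_role.replication.name
  policy_arn = aws_iam_policy.replication.arn
}

resource "aws_s3_bucket" "source" {
  provider      = aws.central # the us-west-2 provider alias declared above
  bucket        = var.source_bucket_name
  acl           = "private"
  force_destroy = var.force_destroy
  versioning { enabled = true } # replication requires versioning on both buckets
  replication_configuration {
    role = aws_iam_role.replication.arn
    rules {
      id     = "crr-all-objects"
      status = "Enabled"
      destination {
        bucket = aws_s3_bucket.destination.arn
      }
    }
  }
}
```

Scoping each statement to the exact source or destination ARN keeps the replication role from reading or writing any other bucket in the account.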
Now you can add some data to the source bucket and see the same data in the destination bucket, which confirms that cross-region replication (CRR) is working.
These are the steps needed to achieve cross-region replication (CRR). You can also add an output.tf as I did, but that is not mandatory.
Now run terraform apply to apply the changes to your configured AWS account. With Terraform it is very easy to manage cross-region replication on AWS.