I am working on an Amazon S3 replication using Terraform. I want to enable the rule "Replicate modification sync", but I don't think it is defined in Terraform.
Right now my code looks like this:
    replication_configuration {
      role = "${aws_iam_role.source_replication.arn}"
      rules {
        id = "${local.replication_name}"
        status = "Enabled"
        prefix = "${var.replicate_prefix}"
        destination {
          bucket = "${local.dest_bucket_arn}"
          storage_class = "STANDARD"
          access_control_translation = {
            owner = "Destination"
          }
          account_id = "${data.aws_caller_identity.dest.account_id}"
        }
        source_selection_criteria {
          replica_modifications {
            Status = "Enabled"
          }
        }
      }
    }
It gives an error:
    Error: Unsupported block type
    on s3_bucket.tf line 61, in resource "aws_s3_bucket" "bucket":
    61: replica_modifications {
    Blocks of type "replica_modifications" are not expected here.
The rule which I have to enable looks like this in the console.
With the AWS CLI in Terraform, I am not sure how I can use variables like the destination ${local.dest_bucket_arn} and ${aws_iam_role.source_replication.arn} in my JSON file which I am calling.
    resource "null_resource" "awsrepl" {
      # ...
      provisioner "local-exec" {
        command = "aws s3api put-bucket-replication --replication-configuration templatefile://replication_source.json --bucket ${var.bucket_name}"
      }
    }
replication_source.json looks like:
    {
      "Rules": [
        {
          "Status": "Enabled",
          "DeleteMarkerReplication": { "Status": "Enabled" },
          "SourceSelectionCriteria": {
            "ReplicaModifications": {
              "Status": "Enabled"
            }
          },
          "Destination": {
            "Bucket": "${local.dest_bucket_arn}"
          },
          "Priority": 1
        }
      ],
      "Role": "${aws_iam_role.source_replication.arn}"
    }
You are correct. It is not yet supported, but there is a GitHub issue for that already:
By the way, Delete marker replication is also not supported.
Your options are to either do it manually after you deploy your bucket, or use local-exec to run AWS CLI to do it, or aws_lambda_invocation.
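An added example (not from the original posts) of the local-exec option that also covers the question about variables in the JSON file: the replication document is built with jsonencode() from Terraform references and handed to the AWS CLI through environment variables, so no value is spliced into the shell command line. It assumes a POSIX shell for local-exec and that the resources named in the question exist; the Filter element is added here on the assumption that the rule uses the priority-based schema.

```hcl
# Added example: the names below are taken from the question; the resources
# they point to (IAM role, locals, variables, data source) are assumed to exist.
locals {
  # Build the document with jsonencode() so Terraform resolves the references
  # and escapes the values, instead of "${...}" placeholders in a static file.
  replication_json = jsonencode({
    Role = aws_iam_role.source_replication.arn
    Rules = [{
      ID                      = local.replication_name
      Status                  = "Enabled"
      Priority                = 1
      Filter                  = { Prefix = var.replicate_prefix }
      DeleteMarkerReplication = { Status = "Enabled" }
      SourceSelectionCriteria = {
        ReplicaModifications = { Status = "Enabled" }
      }
      Destination = {
        Bucket                   = local.dest_bucket_arn
        StorageClass             = "STANDARD"
        Account                  = data.aws_caller_identity.dest.account_id
        AccessControlTranslation = { Owner = "Destination" }
      }
    }]
  })
}

resource "null_resource" "awsrepl" {
  # Re-run the CLI call whenever the rendered configuration changes.
  triggers = {
    config_hash = sha256(local.replication_json)
  }

  provisioner "local-exec" {
    # Values reach the shell as environment variables and are expanded inside
    # double quotes, so bucket names and JSON content are never parsed as
    # shell syntax.
    environment = {
      BUCKET           = var.bucket_name
      REPLICATION_JSON = local.replication_json
    }
    command = "aws s3api put-bucket-replication --bucket \"$BUCKET\" --replication-configuration \"$REPLICATION_JSON\""
  }
}
```

Terraform does not track what the CLI call sets, so later changes to the rule made outside this null_resource are not detected by a plan.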