Help Center> Object Storage Service> Console Operation Guide> Data Security> Configuring Cross-Region Replication
Updated on 2024-05-31 GMT+08:00
View PDF

Configuring Cross-Region Replication

To replicate objects from a source bucket to a destination bucket in a different region, you can configure a single cross-region replication rule that is applied to all objects in the bucket, or you can configure multiple rules that are applied to a set of objects by specifying a prefix.

A cross-region replication rule may not take effect immediately upon its configuration. Accordingly, the objects that this rule is applied to may not be replicated immediately after the rule is configured.

Buckets with WORM enabled do not support cross-region replication.

Prerequisites

The source bucket version is 3.0 or later, and cross-region replication is available in the region of the source bucket. For details about the support for cross-region replication in each region, search for "cross-region replication" on the Function Overview page.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket you want to operate to go to the Objects page.
  3. In the navigation pane, click Cross-Region Replication.
  4. Click Create Rule. The Create Cross-Region Replication Rule dialog box is displayed. See Figure 1.

    Figure 1 Creating a cross-region replication rule
    • The versioning status of the source and destination buckets must keep the same.
    • A bucket can have only one destination bucket and one IAM agency configured for cross-region replication. The destination bucket and IAM agency specified in a later replication rule will overwrite those in the previous replication rule of the bucket.

  5. Configure a cross-region replication rule according to your service needs. For details about the parameters, see Table 1.

    Table 1 Cross-region replication parameters

    Parameter

    Description

    Status

    Indicates whether the rule is enabled or disabled after being created. The versioning status of the source and destination buckets must keep the same.

    Source Bucket

    Replicate

    Indicates the objects the rule will apply to.

    • All objects: The rule applies to all objects in the bucket.
    • Match by prefix: The rule applies only to objects with the specified prefix.

    Prefix
    • To apply the rule to objects with the specified prefix, you must set Prefix to a value no longer than 1,024 characters.
    • If the specified prefix overlaps with the prefix of an existing rule, OBS regards these two rules as one and forbids you to configure the one you are configuring. For example, if there is already a rule with prefix abc in OBS, you cannot configure another rule whose prefix starts with abc.
    • To copy a folder, end the prefix with a slash (/), for example, imgs/.

    Synchronize Existing Objects

    Indicates whether to synchronize the objects that were already in the bucket before the rule configuration to the destination bucket. By default, these objects are not synchronized.

    Replicate KMS encrypted objects

    OBS will try to copy KMS encrypted objects no matter whether this option is selected or not.

    • If this option is selected, only the IAM agencies that have the KMS Administrator permission for both source and destination ends are displayed in the drop-down list of IAM Agency in the Create Cross-Region Replication Rule dialog box.
    • If this option is not selected, only the IAM agencies that do not have the KMS Administrator permission for either the source or destination end are displayed in the drop-down list of IAM Agency in the Create Cross-Region Replication Rule dialog box.

    If KMS is not available in the destination region or the agency does not have the KMS Administrator permission in the source and destination regions, KMS encrypted objects will fail to be replicated to the destination bucket, and the object replication status will be failed.

    After a KMS-encrypted object is replicated to the destination bucket, the key for encrypting the object copy changes to the default key obs/default of the destination region.

    Destination Bucket

    Region

    Indicates the region of the destination bucket. The destination and source buckets must be in different regions.

    Bucket

    Indicates the destination bucket.

    Change storage class for replicated objects

    By default, this option is not selected, indicating that the storage class of object copies is the same as that of the source objects. If you need to change the storage class of objects copies, select this parameter, then you can specify a storage class.

    Permissions

    IAM Agency

    Delegates OBS to operate your resources, so that OBS can use this agency to implement cross-region replication.

    If there is no IAM agency available, click View IAM agencies to create one. If you have already created IAM agencies, select one from the drop-down list.

    NOTE:

    Agency requirements:

    The IAM agency selected here must be of OBS. The OBS project must have the Tenant Administrator permission. If Replicate KMS encrypted objects is selected, the agency also needs the KMS Administrator permission in the regions where the source and destination buckets are located.

  6. (Optional) Create an IAM Agency. For details, see Creating an IAM Agency.
  7. Click OK. The cross-region replication rule is created.
Parent topic: Data Security