1. Overview

S3 Replication allows you to automatically copy objects between S3 buckets. It can work across AWS Regions (Cross-Region Replication) or within the same Region (Same-Region Replication).

Prerequisites for Replication 1) Versioning MUST be enabled on both source and destination buckets. 2) Source and destination can be in different accounts. 3) An IAM role must be configured that S3 can assume to replicate objects on your behalf. 4) Replication is asynchronous (not instant).


2. CRR vs SRR

3. Replication Key Rules


What IS Replicated

  1. New objects uploaded AFTER replication is enabled
  2. Object metadata and tags
  3. Object ACLs (if enabled)
  4. Object Lock settings (if configured)
  5. Objects encrypted with SSE-S3 (automatic)
  6. Objects encrypted with SSE-KMS (requires explicit opt-in and destination KMS key)


What is NOT Replicated

  1. Objects that existed BEFORE replication was enabled (use S3 Batch Replication for these)
  2. Objects encrypted with SSE-C (customer-provided keys)
  3. Delete markers (by default — can be optionally enabled)
  4. Permanent deletes of specific versions (version ID deletes are NOT replicated)
  5. Objects in the Glacier or Glacier Deep Archive storage class
  6. Lifecycle rule actions (lifecycle rules are not replicated)
Important Warning Replication is NOT retroactive. Enabling replication only copies NEW objects going forward. To replicate existing objects, you must use S3 Batch Replication (a separate one-time job). This is a very common exam question.

4. S3 Batch Replication

  1. Replicates EXISTING objects that were uploaded before replication was enabled
  2. Also replicates objects that previously failed replication
  3. One-time or on-demand job using S3 Batch Operations
  4. Separate from ongoing replication — ongoing replication handles new objects automatically

5. Replication Chaining

Replication does NOT chain. If Bucket A replicates to Bucket B, and Bucket B replicates to Bucket C, objects from A are NOT automatically replicated to C. You would need a separate replication rule from A to C.

6. Delete Marker Replication

  1. By default, delete markers are NOT replicated
  2. You can optionally enable delete marker replication
  3. Permanent deletes (specific version ID) are NEVER replicated (prevents malicious cross-account deletion)

7. S3 Replication Time Control (S3 RTC)

  1. Guarantees that 99.99% of objects are replicated within 15 minutes
  2. Provides replication metrics and event notifications
  3. Higher cost than standard replication
  4. Use for: compliance requirements with strict replication SLAs

8. Replication Configuration Options

9. When to use

Use S3 Replication when you need to automatically copy objects between buckets — either across regions (CRR) or within the same region (SRR).

Common scenarios:

Cross-Region Replication (CRR):

  1. Compliance — Store copies of data in a different geographic region to meet regulatory requirements.
  2. Lower latency — Serve data closer to users in another region.
  3. Disaster recovery — Keep a backup in a separate region in case of regional failure.
  4. Cross-account replication — Copy data to a bucket owned by a different AWS account.

Same-Region Replication (SRR):

  1. Log aggregation — Merge logs from multiple buckets into one.
  2. Data redundancy within a region — Keep a second copy in the same region (e.g., different account).
  3. Live replication between environments — Replicate from production bucket to test/dev bucket.


Exam Tip Replication questions: "Copy data to another Region for DR" = CRR. "Aggregate logs from multiple accounts in same Region" = SRR. "Replicate existing objects" = S3 Batch Replication. "Versioning required" = yes, both buckets. "Delete markers replicated?" = not by default (opt-in). "Permanent deletes replicated?" = NEVER. "Guarantee 15-min SLA" = S3 RTC. No chaining: A→B→C does NOT replicate A to C.