Amazon S3 Replication Time Control

[ewbankkit]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Amazon S3 Replication Time Control (S3 RTC) is a new feature of S3 Replication that provides a predictable replication time backed by a Service Level Agreement (SLA).

New or Affected Resource(s)

• aws_s3_bucket

Potential Terraform Configuration

resource "aws_s3_bucket" "example" {
  replication_configuration {
  }
}

References

Announcement.
Blog post.
Developer guide.

Requires AWS SDK v1.25.39:

• Update module aws/aws-sdk-go to v1.25.42 #10955

Related:

• Amazon S3 Two-way Replication via Replica Modification Sync #16539

[winem]

This would also allow to enable the replication monitoring. S3 RTC needs to be enabled for the replication metrics to be available. Otherwise you can enable them but it'll show no data. Would love to see this one merged.

[jonjohnston]

Please get this in. I have been waiting for almost 2 years for this feature!

[jonjohnston]

@YakDriver Please, can you include this in the v3.50.0 or v3.51.0 release.

[itadityachoudhari]

any alternatives?

[rambabugovind]

Not sure if this a "correct" way to do it but I am currently using local-exec provisioner as a workaround. You would have to add the below code in your .tf file

resource "null_resource" "s3_bucket" {
  depends_on = [
    # a resource, module, etc...
  ]
  triggers = {
    # below statement makes sure the local-exec provisioner is invoked on every run
    always_run = timestamp()
    encoded_replication_config = local.replication_config
  }
  provisioner "local-exec" {
    command = "aws s3api put-bucket-replication --bucket '${primary_bucket_name}' --replication-configuration '${self.triggers.encoded_replication_config}'"
  }
}

locals {
  replication_config = jsonencode({
    "Role" : role_arn,
    "Rules" : [
      {
        "ID": "replication-id"
        "Status" : "Enabled",
        "Priority" : 1,
        "DeleteMarkerReplication" : { "Status" : "Disabled" },
        "Filter" : { "Prefix" : "" },
        "Destination" : {
          "Bucket" : replica_bucket_arn,
          "ReplicationTime" : {
            "Status" : "Enabled",
            "Time" : {
              "Minutes" : 15
            }
          },
          "Metrics" : {
            "Status" : "Enabled",
            "EventThreshold" : {
              "Minutes" : 15
            }
          }
        }
      }
    ]
  })
}

You can modify the replication_config as per your needs. Please note, the replication config created using this approach would NOT be a part of Terraform's state. Hope this helps!
Refs:

1. https://www.reddit.com/r/Terraform/comments/i9sx12/how_do_i_use_tf_variables_inside_a_localexec/
2. https://blog.logrocket.com/dirty-terraform-hacks/

[tmccombs]

Unfortunately, the local provisioner solution doesn't work if the aws provider is assuming a role (as is the case for me) because the temporary tokens are not available.

[github-actions]

This functionality has been released in v3.64.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[tcheksa62]

Hi,

Issue 17817 was closed but only one of asked feature are available. @ewbankkit
This feature enable usage of S3 RTC feature, but not "Replication metrics and notifications".
We can't enable "Replication metrics and notifications" with Terraform. And from this update, we have drift when we enable it from console :

- metrics {
   - minutes = 0 -> null
   - status = "Enabled" -> null
   }
}

We tried to config this param like terraform plan output, but metrics minutes value can't configured to 0.

Regards,
Tcheksa

[ewbankkit]

@tcheksa62 Could you please open a new Issue?
Thanks.

[drmaciej]

@tcheksa62
I ran into the same problem. I found that using the replication_configuration block wasn't good enough - some fields were missing, and I couldn't hook up metrics either.
I followed the recommendation from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#using-replication-configuration and ended up using a separate aws_s3_bucket_replication_configuration resource - works without any issues.

[tcheksa62]

Hi @drmaciej,
Thank for the tip !
I will try this, I need to rewrite my module.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.