How To Client Setup S3 Bucket Replication
Andy Dyrcz edited this page Oct 14, 2020
·
5 revisions
- Account ID:
<SOURCEOWNERID>: ${source-aws-account-id} - Bucket Name
<SOURCEBUCKET>: ${source-egress-client-bucket-name}
- Account ID:
<DESTINATIONOWNERID>: ${destination-aws-account-id} - Bucket Name
<DESTINATIONBUCKET>: ${destination-ingress-bucket-name}
Ensure versioning is enabled on the client owned destination bucket. Linkfire will do the same on our source bucket.
aws s3api put-bucket-versioning \
--bucket <DESTINATIONBUCKET> \
--versioning-configuration Status=Enabled
Add the following policy to the client bucket to ensure Linkfire can deliver raw data feeds to your destination s3 bucket.
{
"Version": "2012-10-17",
"Id": "LinkfireRawDataFeedDeliveryPolicy",
"Statement": [
{
"Sid": "AllowLinkfireReportDelivery",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<SOURCEOWNERID>:root"
},
"Action": [
"s3:GetBucketVersioning",
"s3:PutBucketVersioning",
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ObjectOwnerOverrideToBucketOwner"
],
"Resource": [
"arn:aws:s3:::<DESTINATIONBUCKET>",
"arn:aws:s3:::<DESTINATIONBUCKET>/*"
]
}
]
}
Notify your Linkfire account manager or the security engineer that you are working with that you have enabled versioning and the s3 bucket policy, and we will the test and ensure replication/delivery is fully enabled.
If you have any questions, please reach out to security@linkfire.com. We also provide means to communicate through a secure channel during implementation using Keybase.