This topic describes how cross-region replication (CRR) works when it is used with versioning, lifecycle rules, server-side encryption, and retention policies.
Use CRR with versioning
Take note of the following limits when you use CRR with versioning:
You can enable CRR only between two buckets that are both versioned or unversioned. The versioning state of the source bucket and the destination bucket cannot be changed.
Versioning cannot be suspended for the source bucket or destination bucket during data replication. To suspend versioning for the source bucket and destination bucket, you must first delete the CRR rule configured for the buckets first.
The following table describes the results of operations performed by Object Storage Service (OSS) in CRR when an object is deleted from the versioned source bucket.
Request method | Operation | Result |
|---|---|---|
Send a DeleteObject request in which the version ID of the object is not specified. | Add/Change | A delete marker is created for the object in the source bucket and is synchronized to the destination bucket. |
Add/Delete/Change | A delete marker is created for the object in the source bucket and is synchronized to the destination bucket. | |
Send a DeleteObject request in which the version ID of the object is specified. | Add/Change | The deletion is not synchronized to the destination bucket. |
Add/Delete/Change | The deletion is synchronized to the destination bucket. |
For more information about how to configure data synchronization policies for versioned buckets, see Configure CRR.
Use CRR with lifecycle rules
When you use CRR with versioning, multiple previous object versions are synchronized to the destination bucket and incur additional storage costs. To reduce the costs, we recommend that you configure lifecycle rules for buckets to control storage costs and retain required data. For more information, see Lifecycle rules based on the last modified time.
Take note of the following items when you use CRR with lifecycle rules:
In CRR, only the operations performed based on the lifecycle rules but not the lifecycle rules are synchronized to the destination bucket. To apply the same lifecycle rules as the source bucket on the objects in the destination buckets, configure the same lifecycle rules for the destination bucket.
If a lifecycle rule is configured for the destination bucket, note that the created time of an object replicated to the destination bucket is the time when the object is created in the source bucket but not the time when it is replicated to the destination bucket.
If an object is deleted from the source bucket based on a lifecycle rule while the object is being replicated to the destination bucket, the replication may continue, and the replicated object in the destination bucket is retained.
Use CRR with server-side encryption
CRR supports unencrypted objects and objects encrypted by using SSE-KMS and SSE-OSS. For more information, see Server-side encryption.
The following table describes the encryption status of the destination object when CRR is used with server-side encryption.
Encryption status of the source object | Encryption status of the destination bucket | Whether SSE-KMS is used to encrypt the destination object | Encryption status of the destination object |
|---|---|---|---|
Unencrypted | Unencrypted | N/A | Unencrypted |
SSE-OSS | N/A | SSE-OSS | |
SSE-KMS without a specified CMK ID | N/A | SSE-KMS without a specified CMK ID | |
SSE-KMS with a specified CMK ID | Yes A SyncRole and a CMK ID are configured. | SSE-KMS with a specified CMK ID | |
No | N/A. The source object cannot be replicated to the destination bucket. | ||
SSE-OSS | Unrestricted | N/A | SSE-OSS |
SSE-KMS without a specified CMK ID | Unrestricted | Yes A SyncRole and a CMK ID are configured. | SSE-KMS with a specified CMK ID |
No | SSE-KMS without a specified CMK ID | ||
SSE-KMS with a specified CMK ID | Unrestricted | Yes A SyncRole and a CMK ID are configured. | SSE-KMS with a specified CMK ID |
No | N/A. The source object cannot be replicated to the destination bucket. |
For more information about how to use SSE-KMS to encrypt objects when you configure CRR rules, see Configure CRR.
Use CRR with retention policies
After a retention policy configured for a bucket is locked, you can read objects from or upload objects to the bucket. However, the objects in the bucket cannot be overwritten or deleted within the retention period.
For more information about retention policies, see Retention policy.
The following table describes whether the source object can be synchronized to the destination bucket when CRR is used with retention policies.
Whether the source object is in the retention period | Allowed operation in the source bucket | Whether the destination object in the retention period | Whether the source object is synchronized to the destination bucket |
|---|---|---|---|
No | Create an object | Yes | No |
Overwrite an object | Yes | No | |
Delete an object | Yes | No | |
No | Create an object | No | Yes |
Overwrite an object | No | Yes | |
Delete an object | No | Yes | |
Yes | Create an object | N/A | Yes |