All Products
Search
Document Center

CRR in specific scenarios

Last Updated: May 19, 2022

This topic describes how cross-region replication (CRR) works when it is used with versioning, lifecycle rules, server-side encryption, and retention policies.

Use CRR with versioning

Take note of the following limits when you use CRR with versioning:

  • You can enable CRR only between two buckets that are both versioned or unversioned. The versioning state of the source bucket and the destination bucket cannot be changed.

  • Versioning cannot be suspended for the source bucket or destination bucket during data replication. To suspend versioning for the source bucket and destination bucket, you must first delete the CRR rule configured for the buckets first.

The following table describes the results of operations performed by Object Storage Service (OSS) in CRR when an object is deleted from the versioned source bucket.

Request method

Operation

Result

Send a DeleteObject request in which the version ID of the object is not specified.

Add/Change

A delete marker is created for the object in the source bucket and is synchronized to the destination bucket.

Add/Delete/Change

A delete marker is created for the object in the source bucket and is synchronized to the destination bucket.

Send a DeleteObject request in which the version ID of the object is specified.

Add/Change

The deletion is not synchronized to the destination bucket.

Add/Delete/Change

The deletion is synchronized to the destination bucket.

For more information about how to configure data synchronization policies for versioned buckets, see Configure CRR.

Use CRR with lifecycle rules

When you use CRR with versioning, multiple previous object versions are synchronized to the destination bucket and incur additional storage costs. To reduce the costs, we recommend that you configure lifecycle rules for buckets to control storage costs and retain required data. For more information, see Lifecycle rules based on the last modified time.

Take note of the following items when you use CRR with lifecycle rules:

  • In CRR, only the operations performed based on the lifecycle rules but not the lifecycle rules are synchronized to the destination bucket. To apply the same lifecycle rules as the source bucket on the objects in the destination buckets, configure the same lifecycle rules for the destination bucket.

  • If a lifecycle rule is configured for the destination bucket, note that the created time of an object replicated to the destination bucket is the time when the object is created in the source bucket but not the time when it is replicated to the destination bucket.

  • If an object is deleted from the source bucket based on a lifecycle rule while the object is being replicated to the destination bucket, the replication may continue, and the replicated object in the destination bucket is retained.

Use CRR with server-side encryption

CRR supports unencrypted objects and objects encrypted by using SSE-KMS and SSE-OSS. For more information, see Server-side encryption.

The following table describes the encryption status of the destination object when CRR is used with server-side encryption.

Encryption status of the source object

Encryption status of the destination bucket

Whether SSE-KMS is used to encrypt the destination object

Encryption status of the destination object

Unencrypted

Unencrypted

N/A

Unencrypted

SSE-OSS

N/A

SSE-OSS

SSE-KMS without a specified CMK ID

N/A

SSE-KMS without a specified CMK ID

SSE-KMS with a specified CMK ID

Yes

A SyncRole and a CMK ID are configured.

SSE-KMS with a specified CMK ID

No

N/A. The source object cannot be replicated to the destination bucket.

SSE-OSS

Unrestricted

N/A

SSE-OSS

SSE-KMS without a specified CMK ID

Unrestricted

Yes

A SyncRole and a CMK ID are configured.

SSE-KMS with a specified CMK ID

No

SSE-KMS without a specified CMK ID

SSE-KMS with a specified CMK ID

Unrestricted

Yes

A SyncRole and a CMK ID are configured.

SSE-KMS with a specified CMK ID

No

N/A. The source object cannot be replicated to the destination bucket.

For more information about how to use SSE-KMS to encrypt objects when you configure CRR rules, see Configure CRR.

Use CRR with retention policies

After a retention policy configured for a bucket is locked, you can read objects from or upload objects to the bucket. However, the objects in the bucket cannot be overwritten or deleted within the retention period.

For more information about retention policies, see Retention policy.

The following table describes whether the source object can be synchronized to the destination bucket when CRR is used with retention policies.

Whether the source object is in the retention period

Allowed operation in the source bucket

Whether the destination object in the retention period

Whether the source object is synchronized to the destination bucket

No

Create an object

Yes

No

Overwrite an object

Yes

No

Delete an object

Yes

No

No

Create an object

No

Yes

Overwrite an object

No

Yes

Delete an object

No

Yes

Yes

Create an object

N/A

Yes