Overview - Object Storage Service - Alibaba Cloud Documentation Center

Cross-region replication (CRR) enables the automatic and asynchronous (near real-time) replication of objects across buckets in different Object Storage Service (OSS) regions. CRR synchronizes operations such as the creation, overwriting, and deletion of objects from a source bucket to a destination bucket.

Scenarios

CRR can meet your requirements for cross-region disaster recovery and data replication. Objects in destination buckets are exact replicas of objects in the source bucket. The objects have the same object names, versioning information, object content, and object metadata, such as the creation time, owner, user metadata, and access control list (ACL). You can configure CRR rules to meet your business requirements:

Compliance requirements
OSS stores multiple replicas of objects in physical disks. However, to meet compliance requirements, the replicas must be stored in multiple data centers that are located at a geographical distance from each other. CRR allows you to replicate data between geographically distant data centers to meet compliance requirements.
Minimal latency
You have customers who are located in two geographical locations. To minimize the latency that occurs when the customers access objects, you can maintain the replicas of objects in data centers that are geographically closer to the customers.
Data backup and disaster recovery
You have strict requirements for data security and availability. You want to replicate all data in a data center to another data center. If one data center is damaged because of a catastrophic event, such as an earthquake or a tsunami, you can use the data that is backed up in the other data center.
Data migration
For business reasons, you may need to migrate data from one data center to another data center.
Operational reasons
You have compute clusters that are deployed in two data centers to analyze the same group of objects. You can maintain the replicas of the objects in the two regions.

Features

CRR provides the following features:

RTC
After Replication Time Control (RTC) is enabled, OSS replicates most of the objects that you uploaded to OSS within a few seconds and replicates 99.99% of objects within 10 minutes. In addition, RTC provides real-time monitoring of data replication. This allows you to easily monitor replication tasks by using different metrics.
Near real-time data replication
You can configure CRR rules to monitor data that is added, removed, or modified in near real time and synchronize these changes to a destination bucket. This ensures data consistency between the source and destination buckets.
Historical data migration
Historical data can be replicated from a source bucket to a destination bucket. This way, two data replicas are individually stored in the source and destination buckets.
Replication progress query
You can view the most recent replication time of the replicated data and the progress of the replication for historical data migration in percentage.
Versioning
CRR ensures eventual consistency between the data in the source and destination buckets for which versioning is enabled. If you configure a CRR rule to replicate only the added and modified data, deletion operations performed on the specified version of an object in the source bucket are not replicated to the destination bucket. However, the delete markers created in the source bucket are replicated to the destination bucket.
Transfer acceleration
You can use transfer acceleration to accelerate data transfer when CRR tasks are performed across regions inside and outside the Chinese mainland. For more information, see Enable transfer acceleration.
Replication of encrypted data
CRR allows you to replicate objects that are not encrypted and objects that are encrypted by using SSE-KMS or SSE-OSS. For more information, see CRR in specific scenarios.
Event notification and real-time log query
You can use the following methods to receive notifications of changes that are made to objects in source and destination buckets during CRR. The changes include adding, modifying, removing, and overwriting objects.
- Set the event type to the following values in the event notification rule: ObjectReplication:ObjectCreated, ObjectReplication:ObjectRemoved, and ObjectReplication:ObjectModified. For more information, see Overview.
- Enable real-time log query in the OSS console to obtain the statistics of operations that are performed on objects. For more information, see Query real-time logs.

Usage notes

Billing
- You are charged for the traffic that is generated when you use CRR to replicate objects in OSS. For more information, see Traffic fees.
- Each time an object is replicated, OSS calculates the number of requests. You are charged for the requests. For more information, see API operation calling fees.
- If you enable transfer acceleration, you are charged transfer acceleration fees. For more information, see Transfer acceleration fees.
- If you enable RTC, you are charged additional RTC fees. For more information, see RTC traffic fees.
- If you use CRR to replicate Archive objects from a source bucket to a destination bucket, no data retrieval operations are involved in the process, and you are not charged data retrieval fees.
Replication time
In CRR, data is asynchronously replicated in near real time. The period of time that is required to replicate data from the source bucket to the destination bucket may range from a few minutes to a few hours. The replication time varies based on the data size.

Limits

Regions
- CRR is supported in the following regions: China (Hangzhou), China (Shanghai), China (Nanjing - Local Region), China (Fuzhou - Local Region), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Chengdu), China (Hong Kong), US (Silicon Valley), US (Virginia), Japan (Tokyo), South Korea (Seoul), Singapore, Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), India (Mumbai), Germany (Frankfurt), UK (London), and UAE (Dubai).
- You must enable transfer acceleration when you perform CRR between the regions inside and outside the Chinese mainland.
- CRR rules based on object tags can be configured only in the following scenarios:
  - The source region is China (Hangzhou), and the destination region is a region other than China (Hangzhou).
  - The source region is Australia (Sydney), and the destination region is a region outside the Chinese mainland, except for Australia (Sydney).
Number of CRR rules
Data in a source bucket can be replicated to multiple destination buckets. By default, you can configure up to 100 CRR rules for a bucket. A bucket can be specified as a source bucket in a CRR rule and a destination bucket in another CRR rule at the same time.
If you want to configure more than 100 CRR rules for a bucket, contact technical support.
Operations
- You can configure CRR between two unversioned buckets or between two versioning-enabled buckets.
- You cannot change the versioning status of two buckets for which a CRR rule is configured.
- If you configure a CRR rule for two buckets, an object replicated from the source bucket may overwrite an object that has the same name in the destination bucket.
- Data in a source bucket can be replicated to multiple destination buckets. By default, you can configure up to 100 CRR rules for a bucket. A bucket can be specified as a source bucket in a CRR rule and a destination bucket in another CRR rule at the same time. If you want to configure more than 100 CRR rules for a bucket, contact technical support.
- Cold Archive objects in a source bucket cannot be replicated to a destination bucket.
- You cannot replicate Appendable objects in a source bucket to a destination bucket whose storage class is Cold Archive.

Use the OSS console

Log on to the OSS console.
In the left-side navigation pane, click Buckets. On the Buckets page, click the name of the bucket for which you want to enable CRR.
In the left-side navigation tree, choose Data Management > Cross-Region Replication.
On the Cross-Region Replication tab, click the Cross-Region Replication button.

In the Cross-Region Replication panel, configure the parameters. The following table describes the parameters.

Section	Parameter	Description
Configure Destination Bucket	Region	The region in which the source bucket is located.
	Source Bucket	The name of the current bucket.
	Region	The region in which the destination bucket is located.
	Destination Bucket	The bucket to which you want to replicate data.
Configure Replication Policy	Objects to Replicate	The objects that you want to replicate. All Files in Source Bucket: OSS replicates all objects from the source bucket to the destination bucket. Files with Specified Prefix: OSS replicates the objects whose names contain a specific prefix from the source bucket to the destination bucket. You can specify up to 10 prefixes.
	Object Tagging	The tags of the objects that you want to replicate to the destination bucket. Objects that contain the specified tags are replicated to the destination bucket. Select Configure Rules and add tags in key-value pairs. You can add up to 10 tags. To configure this parameter, make sure that the following conditions are met: Tags are configured for objects. For more information, see Configure object tagging. Versioning is enabled for the source bucket and the destination bucket. The Replication Policy parameter is set to Add/Change. If the source region is China (Hangzhou), the destination region can be a region other than China (Hangzhou). If the source region is Australia (Sydney), the destination region can be a region outside the Chinese mainland, except for Australia (Sydney).
	Replication Policy	The data replication mode. Add/Change: OSS replicates only the added or changed data from the source bucket to the destination bucket. Add/Delete/Change: OSS replicates object creation, modification, and deletion operations from the source bucket to the destination bucket. If you use the multipart upload method to upload an object to the source bucket, each uploaded part is replicated to the destination bucket. The complete object that is obtained by calling the CompleteMultipartUpload operation is also replicated to the destination bucket. For more information about how to configure CRR for objects in versioning-enabled buckets, see CRR in specific scenarios.
	Replicate Historical Data	Specifies whether to replicate historical data (data that exists in the source bucket before you enable CRR) to the destination bucket. Yes: Historical data is replicated to the destination bucket. Important When historical data is replicated, objects that are replicated from the source bucket may overwrite objects that have the same names in the destination bucket. To prevent data loss, we recommend that you enable versioning for the source and destination buckets. No: OSS replicates only objects that are uploaded or updated after the CRR rule takes effect to the destination bucket.
	Replicate Objects Encrypted based on KMS	If Key Management Service (KMS)-based encryption is configured for the objects in the source or destination bucket, you must set the Replicate Objects Encrypted based on KMS parameter to Yes and configure the following parameters: CMK ID: The customer master key (CMK) that is used to encrypt the objects in the destination bucket. If you want to use a CMK to encrypt objects, you must create a CMK in the same region as the destination bucket in the KMS console. For more information, see Create a CMK. RAM Role Name: The RAM role that is authorized to perform KMS-based encryption on the destination objects. New RAM Role: A RAM role is created by OSS to encrypt the destination objects by using CMKs. The RAM role is in the `kms-replication-sourceBucketName-destinationBucketName` format. AliyunOSSRole: The AliyunOSSRole role is used to perform KMS-based encryption on the destination objects. If the AliyunOSSRole role does not exist, OSS automatically creates the AliyunOSSRole role when you select this option. Note If you create a RAM role or modify the permissions of an existing RAM role, make sure that you attach the `AliyunOSSFullAccess` policy to the role. Otherwise, data may fail to be replicated. You can call the HeadObject operation to query the encryption status of objects in the source bucket and the GetBucketEncryption operation to query the encryption status of objects in the destination bucket. For more information about how to use CRR with server-side encryption, see CRR in specific scenarios.
Configure Replication Speed	Acceleration Type	The acceleration type. Only Transfer Acceleration is supported. You can use transfer acceleration to accelerate data transfer when you replicate data between regions inside and outside the Chinese mainland. If you enable transfer acceleration, you are charged transfer acceleration fees. For more information, see Transfer acceleration fees.
Configure Replication Speed	Replication Time Control (RTC)	After the RTC feature is enabled, OSS replicates most of the objects that you uploaded to OSS within a few seconds and replicates 99.99% of objects within 10 minutes. For more information, see RTC. RTC incurs costs. For more information, see RTC traffic fees.

Click OK.
- After you configure a CRR rule, you cannot modify or delete the rule.
- After you configure a CRR rule, the replication task starts in 3 to 5 minutes. To view the progress of replication tasks, go to the Cross-Region Replication page of the source bucket.
- In CRR, data is asynchronously replicated. The period of time that is required to replicate data from the source bucket to the destination bucket varies based on the amount of data. The period of time may range from a few minutes to a few hours.

Use OSS SDKs

The following sample code provides examples on how to enable CRR by using OSS SDKs for common programming languages. For more information about how to enable CRR by using OSS SDKs for other programming languages, see Overview.

Java

import com.aliyun.oss.ClientException;
import com.aliyun.oss.OSS;
import com.aliyun.oss.common.auth.*;
import com.aliyun.oss.OSSClientBuilder;
import com.aliyun.oss.OSSException;
import com.aliyun.oss.model.AddBucketReplicationRequest;

public class Demo {

    public static void main(String[] args) throws Exception {
        // In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
        String endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
        // Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
        EnvironmentVariableCredentialsProvider credentialsProvider = CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
        // Specify the name of the bucket. Example: examplebucket. 
        String bucketName = "examplebucket";
        // Specify the destination bucket to which you want to replicate the data. 
        String targetBucketName = "yourTargetBucketName";
        // Specify the region in which the destination bucket is located. 
        // If you want to enable CRR, the source and destination buckets must be located in different regions. If you want to enable SRR, the source and destination buckets must be located in the same region. 
        String targetBucketLocation = "yourTargetBucketLocation";

        // Create an OSSClient instance. 
        OSS ossClient = new OSSClientBuilder().build(endpoint, credentialsProvider);

        try {
            AddBucketReplicationRequest request = new AddBucketReplicationRequest(bucketName);

            request.setTargetBucketName(targetBucketName);
            request.setTargetBucketLocation(targetBucketLocation);
            // Specify whether to replicate historical data. By default, historical data is replicated. In this example, historical data is not replicated. 
            request.setEnableHistoricalObjectReplication(false);
            // Specify the name of the role that you want to authorize OSS to use for data replication. If you want to use SSE-KMS to encrypt the objects that are replicated to the destination bucket, you must specify a role. 
            //request.setSyncRole("yourRole");
            // Specify whether to replicate the objects that are encrypted by using SSE-KMS. 
            //request.setSseKmsEncryptedObjectsStatus("Enabled");
            // Specify the customer master key (CMK) ID used in SSE-KMS. If Status is set to Enabled, you must specify a key ID. 
            //request.setReplicaKmsKeyID("3542abdd-5821-4fb5-a425-90adca***");
            //List prefixes = new ArrayList();
            //prefixes.add("image/");
            //prefixes.add("video");
            //prefixes.add("a");
            //prefixes.add("A");
            // Specify the prefixes that are contained in the names of the objects that you want to replicate. After you specify the prefixes, only objects whose names contain the prefixes are replicated to the destination bucket. 
            //request.setObjectPrefixList(prefixes);
            //List actions = new ArrayList();
            //actions.add(AddBucketReplicationRequest.ReplicationAction.ALL);
            // Specify the operations that can be replicated to the destination bucket. The default value is ALL, which indicates that all operations performed on objects in the source bucket are replicated to the destination bucket. 
            //request.setReplicationActionList(actions);
            ossClient.addBucketReplication(request);
        } catch (OSSException oe) {
            System.out.println("Caught an OSSException, which means your request made it to OSS, "
                    + "but was rejected with an error response for some reason.");
            System.out.println("Error Message:" + oe.getErrorMessage());
            System.out.println("Error Code:" + oe.getErrorCode());
            System.out.println("Request ID:" + oe.getRequestId());
            System.out.println("Host ID:" + oe.getHostId());
        } catch (ClientException ce) {
            System.out.println("Caught an ClientException, which means the client encountered "
                    + "a serious internal problem while trying to communicate with OSS, "
                    + "such as not being able to access the network.");
            System.out.println("Error Message:" + ce.getMessage());
        } finally {
            if (ossClient != null) {
                ossClient.shutdown();
            }
        }
    }
}

Python

# -*- coding: utf-8 -*-
import oss2
from oss2.credentials import EnvironmentVariableCredentialsProvider
from oss2.models import ReplicationRule
# Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
auth = oss2.ProviderAuth(EnvironmentVariableCredentialsProvider())
# Specify the endpoint of the region in which the source bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. 
# Specify the name of the source bucket from which you want to replicate the data. Example: srcexamplebucket. 
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'srcexamplebucket')
replica_config = ReplicationRule(
    # Specify the destination bucket to which you want to replicate data. 
    target_bucket_name='destexamplebucket',
    # Specify the region in which the destination bucket is located. 
    # If you want to enable CRR, the source and destination buckets must be located in different regions. If you want to enable SRR, the source and destination buckets must be located in the same region. 
    target_bucket_location='yourTargetBucketLocation'
)

# Specify the prefixes that are contained in the names of the objects that you want to replicate. After you specify a prefix, only objects whose names contain the prefix are replicated to the destination bucket. 
# prefix_list = ['prefix1', 'prefix2']
# Configure the data replication rule. 
# replica_config = ReplicationRule(
     # prefix_list=prefix_list,
     # Specify the operations that can be replicated to the destination bucket. The default value is ALL, which indicates that all operations performed on objects in the source bucket are synchronized to the destination bucket. 
     # action_list=[ReplicationRule.ALL],
     # Specify the destination bucket to which you want to replicate data. 
     # target_bucket_name='destexamplebucket1',
     # Specify the region in which the destination bucket is located. 
     # target_bucket_location='yourTargetBucketLocation',
     # Specify whether to replicate historical data. By default, historical data is replicated. In this example, historical data is not replicated. 
     # is_enable_historical_object_replication=False,
     # Specify the link that is used to transfer data during data replication. 
     # target_transfer_type='oss_acc',
     # Specify the role that you want to authorize OSS to use to replicate data. If you want to use SSE-KMS to encrypt the objects that are replicated to the destination bucket, you must specify this parameter. 
     # sync_role_name='roleNameTest',
     # Replicate the objects that are encrypted by using SSE-KMS. 
     # sse_kms_encrypted_objects_status=ReplicationRule.ENABLED
     # Specify the CMK ID used in SSE-KMS encryption. If you want to use SSE-KMS to encrypt the objects that are replicated to the destination bucket, you must configure this parameter. 
     # replica_kms_keyid='9468da86-3509-4f8d-a61e-6eab1eac****',
  #)

# Enable data replication. 
bucket.put_bucket_replication(replica_config)

package main

import (
	"encoding/xml"
	"fmt"
	"github.com/aliyun/aliyun-oss-go-sdk/oss"
	"os"
)

func HandleError(err error) {
	fmt.Println("Error:", err)
	os.Exit(-1)
}

// Enable data replication. 
func main() {
	// Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured. 
	provider, err := oss.NewEnvironmentVariableCredentialsProvider()
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	// Create an OSSClient instance. 
	// Specify the endpoint of the region in which the bucket is located. For example, if the bucket is located in the China (Hangzhou) region, set the endpoint to https://oss-cn-hangzhou.aliyuncs.com. Specify your actual endpoint. 
	client, err := oss.New("yourEndpoint", "", "", oss.SetCredentialsProvider(&provider))
	if err != nil {
		fmt.Println("Error:", err)
		os.Exit(-1)
	}
	// Specify the name of the source bucket. 
	srcbucketName := "srcexamplebucket"
	// Specify the name of the destination bucket. 
	destBucketName := "destexamplebucket"
	// Specify prefixes prefix_1 and prefix_2 that are contained in the names of the objects that you want to replicate. After you specify the prefixes, only objects whose names contain one of the prefixes are replicated to the destination bucket. 
	// To replicate all objects from the source bucket to the destination bucket, do not specify prefixes. 
	prefix1 := "prefix_1"
	prefix2 := "prefix_2"
	// Specify the customer master key (CMK) ID used in SSE-KMS encryption. If SSE-KMS encryption is enabled, you must specify a key ID. 
	keyId := "c4d49f85-ee30-426b-a5ed-95e9139d"
	// Specify whether to replicate objects that are encrypted by using SSE-KMS. 
	source := "Enabled"
	prefixSet := oss.ReplicationRulePrefix{Prefix: []*string{&prefix1, &prefix2}}
	// Enable the RTC feature. 
	enabled := "enabled"
	reqReplication := oss.PutBucketReplication{
		Rule: []oss.ReplicationRule{
			{
				PrefixSet: &prefixSet,
				// Specify the operations that can be replicated to the destination bucket. The default value is ALL. This indicates that all operations performed on objects in the source bucket are replicated to the destination bucket. 
				Action: "ALL",
				RTC:    &enabled,
				Destination: &oss.ReplicationRuleDestination{
					Bucket: destBucketName,
					// Specify the region in which the destination bucket is located. 
					// If you want to enable CRR, the source and destination buckets must be located in different regions. If you want to enable SRR, the source and destination buckets must be located in the same region. 
					Location: "oss-cn-hangzhou",
					// Specify the link that is used to transfer data during data replication. This example uses oss_acc, which indicates that the link for transfer acceleration is used. 
					TransferType: "oss_acc",
				},
				// Specify whether to replicate historical data. By default, historical data is replicated. In this example, historical data is not replicated. 
				HistoricalObjectReplication: "disabled",
				SyncRole:                    "aliyunramrole",
				EncryptionConfiguration:     &keyId,
				SourceSelectionCriteria:     &source,
			},
		},
	}

	xmlBody, err := xml.Marshal(reqReplication)
	if err != nil {
		HandleError(err)
	}
	err = client.PutBucketReplication(srcbucketName, string(xmlBody))

	if err != nil {
		HandleError(err)
	}

	fmt.Println("Put Bucket Replication Success!")
}

Use ossutil

You can use ossutil to enable CRR. For more information, see replication.

Use RESTful APIs

If your business requires a high level of customization, you can directly call RESTful APIs. To directly call an API, you must include the signature calculation in your code. For more information, see PutBucketReplication.

FAQ

Does SSR synchronize lifecycle rule-based deletions from the source bucket to the destination bucket?

It depends on whether the replication policy of the SSR rule is Add/Change or Add/Delete/Change.

Add/Change: When objects are deleted from the source bucket based on a lifecycle rule, OSS does not delete their copies from the destination bucket.
Add/Delete/Change: When objects are deleted from the source bucket based on a lifecycle rule, OSS deletes their copies from the destination bucket.
Note
In the destination bucket, you may find objects with the same names as those that are deleted from the source bucket based on a lifecycle rule. This does not indicate that the Add/Delete/Change replication policy fails to take effect. The same-name objects in the destination bucket are not real copies of objects that are deleted from the source bucket. They may be separately written to the destination bucket and given the same names as the objects that have been deleted from the source bucket based on a lifecycle rule.

Do versioning-suspended buckets support CRR?

No, CRR is not supported by versioning-suspended buckets. You can configure CRR between two unversioned buckets or between two versioning-enabled buckets.

Does OSS support chained replication?

No, OSS does not support chained replication. For example, if a data replication rule is configured to replicate data from Bucket A to Bucket B and another data replication rule is configured to replicate data from Bucket B to Bucket C, data in bucket A is only replicated to Bucket B and is not replicated to Bucket C.

If you want to replicate data from Bucket A to Bucket C, you must configure a data replication rule to replicate data from Bucket A to Bucket C.

Why is the replication progress of historical data displayed as 0% for a long period of time?

The replication progress of historical data is not updated in real time. You must wait until all objects are scanned. If a large number of objects are stored in your bucket, such as hundreds of millions of objects, several hours is required before the replication progress of historical data is updated. If the replication progress of historical data is not updated, it does not mean that historical data is not replicated to the destination bucket.

You can check whether historical data in the source bucket is replicated to the destination bucket by viewing the storage capacity of the destination bucket and traffic usage, such as inbound and outbound traffic. For more information about how to view the storage capacity of the destination bucket and CRR traffic, see View the resource usage of a bucket.

If the destination bucket uses KMS to encrypt data, am I charged for the encryption algorithm operations?

If the destination bucket uses KMS to encrypt data, you are charged for encryption algorithm operations. For more information about the fees, see Billing of KMS.

Can I disable CRR?

Yes, you can click Disable Replication in the Actions column on the Cross-Region Replication page to disable CRR.

After you disable CRR, the replicated data is stored in the destination bucket. The incremental data in the source bucket is not replicated to the destination bucket.