2023年5月21日日曜日

S3 クロスリージョンレプリケーション(Terraform)

 

Terraformにて、東京リージョンと大阪リージョンの間で、
S3 クロスリージョンレプリケーションの記載を行なってみる。



◾️構成図









以下、Terraformでの S3 クロスリージョンレプリケーションの記載方法になる。

# Default provider: Tokyo (ap-northeast-1). Every resource in this file that
# has no explicit `provider` argument (IAM, the "destination" bucket and its
# versioning/replication, the multi-region access point) is created here.
provider "aws" {
  region = "ap-northeast-1"
}

# Aliased provider for Osaka (ap-northeast-3). The "source" bucket, its
# versioning and its replication configuration opt into it with
# `provider = aws.osaka`; everything else stays on the default (Tokyo) provider.
provider "aws" {
  alias  = "osaka"
  region = "ap-northeast-3"
}


######################################
# IAM (aws_iam_role_policy_attachment)
#######################################
# Binds the replication permissions (aws_iam_policy.replication) to the
# service role that S3 assumes (aws_iam_role.replication). Kept as a separate
# attachment so the role and the policy can be managed independently.
resource "aws_iam_role_policy_attachment" "replication" {
  policy_arn = aws_iam_policy.replication.arn
  role       = aws_iam_role.replication.name
}

######################################
# IAM (aws_iam_role)
#######################################
# Service role that S3 assumes to copy objects between the two buckets.
# The trust policy (who may assume it) is data.aws_iam_policy_document.assume_role;
# the permissions it carries are attached separately via
# aws_iam_role_policy_attachment.replication.
# The "-12345" suffix is a hard-coded uniqueness hack: role names are
# account-wide, so change it if the name is already taken.
resource "aws_iam_role" "replication" {
  name               = "tf-iam-role-replication-12345"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

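# Account of the credentials Terraform runs with; used to scope the trust policy
# below to this account only.
data "aws_caller_identity" "current" {}

# Trust policy for the replication role: only the S3 service principal may
# assume it, and only when acting on behalf of this account (aws:SourceAccount).
# Without the condition any account's bucket could be configured to use this
# role ARN (confused-deputy pattern); the condition is the mitigation AWS
# documents for replication roles.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}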

#######################################
# IAM (aws_iam_policy)
#######################################
# Customer-managed policy holding the replication permissions; its document is
# rendered from data.aws_iam_policy_document.replication and attached to the
# role by aws_iam_role_policy_attachment.replication.
# Like the role, the name carries a hard-coded "-12345" uniqueness suffix.
resource "aws_iam_policy" "replication" {
  policy = data.aws_iam_policy_document.replication.json
  name   = "tf-iam-role-policy-replication-12345"
}

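# Permissions for the replication role, split by scope so each statement grants
# only what its resource type can use (least privilege):
#   - bucket-level reads on both buckets (ListBucket, GetReplicationConfiguration)
#   - object-version reads on both buckets (what S3 reads on the source side)
#   - Replicate* writes into both buckets (each bucket is the other's destination)
# Bare references (aws_s3_bucket.x.arn) replace the legacy "${...}" wrapping;
# the interpolation form is kept only where a "/*" suffix is appended.
# s3:ObjectOwnerOverrideToBucketOwner was dropped: it is only needed together
# with `access_control_translation` for cross-account replication, and neither
# replication configuration in this file sets that block.
# NOTE(review): if either bucket uses SSE-KMS, kms:Decrypt on the source key and
# kms:Encrypt/GenerateDataKey on the destination key must be added — not
# covered by this page.
data "aws_iam_policy_document" "replication" {
  statement {
    sid    = "BucketRead"
    effect = "Allow"
    actions = [
      "s3:ListBucket",
      "s3:GetReplicationConfiguration",
    ]
    resources = [
      aws_s3_bucket.source.arn,
      aws_s3_bucket.destination.arn,
    ]
  }

  statement {
    sid    = "ObjectVersionRead"
    effect = "Allow"
    actions = [
      "s3:GetObjectVersionForReplication",
      "s3:GetObjectVersionAcl",
      "s3:GetObjectVersionTagging",
      "s3:GetObjectRetention",
      "s3:GetObjectLegalHold",
    ]
    resources = [
      "${aws_s3_bucket.source.arn}/*",
      "${aws_s3_bucket.destination.arn}/*",
    ]
  }

  statement {
    sid    = "ReplicateWrite"
    effect = "Allow"
    actions = [
      "s3:ReplicateObject",
      "s3:ReplicateDelete",
      "s3:ReplicateTags",
    ]
    resources = [
      "${aws_s3_bucket.destination.arn}/*",
      "${aws_s3_bucket.source.arn}/*",
    ]
  }
}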


#########################################
# S3(aws_s3_bucket) destination -- Tokyo (default provider)
#########################################
# "destination" is a naming convention only: replication is configured in both
# directions below, so this bucket is also a replication source.
# Bucket names are global; the literal name will have to change if another
# account already owns it.
# NOTE(review): no public-access-block or encryption resources are declared
# for this bucket in this file, so account/service defaults apply — confirm they
# match the intended posture.
resource "aws_s3_bucket" "destination" {
  bucket = "tf-test-bucket-destination-tokyo"
}

##########################################
# S3(aws_s3_bucket_versioning) destination
##########################################
# Replication requires versioning on both the source and the destination
# bucket; the replication configurations reference this resource in depends_on
# so it is applied first.
resource "aws_s3_bucket_versioning" "destination" {
  bucket = aws_s3_bucket.destination.id

  versioning_configuration {
    status = "Enabled"
  }
}


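#####################################################
# S3(aws_s3_bucket_replication_configuration) destination
#####################################################
# Tokyo -> Osaka direction of the bidirectional setup.
# S3 rejects a replication configuration unless versioning is enabled on BOTH
# buckets. The `destination.bucket` ARN reference only creates a dependency on
# the remote bucket, not on its versioning resource, so both versioning
# resources are listed explicitly in depends_on.
resource "aws_s3_bucket_replication_configuration" "destination" {
  depends_on = [
    aws_s3_bucket_versioning.destination,
    aws_s3_bucket_versioning.source,
  ]

  role   = aws_iam_role.replication.arn
  bucket = aws_s3_bucket.destination.id

  rule {
    id     = "foobar2"
    status = "Enabled"

    # Empty prefix = every object in the bucket. When a `filter` block is
    # present, delete_marker_replication must be stated explicitly.
    filter {
      prefix = ""
    }

    delete_marker_replication {
      status = "Enabled"
    }

    destination {
      bucket        = aws_s3_bucket.source.arn
      storage_class = "STANDARD"

      # Replication Time Control: 15-minute replication SLA with matching
      # metrics/event threshold (RTC is an additionally charged feature).
      replication_time {
        status = "Enabled"
        time {
          minutes = 15
        }
      }

      metrics {
        status = "Enabled"
        event_threshold {
          minutes = 15
        }
      }
    }
  }
}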


#######################################
# S3(aws_s3_bucket) source -- Osaka (aws.osaka provider)
#######################################
# "source" is a naming convention only: with the bidirectional rules below this
# bucket also receives replicated objects from Tokyo.
# Bucket names are global; the literal name will have to change on collision.
# NOTE(review): as with the destination bucket, no public-access-block or
# encryption resources are declared here — confirm the defaults are acceptable.
resource "aws_s3_bucket" "source" {
  provider = aws.osaka
  bucket   = "tf-test-bucket-source-osaka"
}

########################################
# S3(aws_s3_bucket_versioning) source
########################################
# Versioning on the Osaka bucket; required by replication in both directions.
# Must use the same aliased provider as the bucket it configures.
resource "aws_s3_bucket_versioning" "source" {
  provider = aws.osaka
  bucket   = aws_s3_bucket.source.id

  versioning_configuration {
    status = "Enabled"
  }
}


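#####################################################
# S3(aws_s3_bucket_replication_configuration) source
#####################################################
# Osaka -> Tokyo direction of the bidirectional setup (mirror of the
# "destination" configuration above).
# S3 rejects a replication configuration unless versioning is enabled on BOTH
# buckets; the `destination.bucket` ARN reference does not pull in the remote
# bucket's versioning resource, so both versioning resources are listed in
# depends_on explicitly.
resource "aws_s3_bucket_replication_configuration" "source" {
  provider = aws.osaka

  depends_on = [
    aws_s3_bucket_versioning.source,
    aws_s3_bucket_versioning.destination,
  ]

  role   = aws_iam_role.replication.arn
  bucket = aws_s3_bucket.source.id

  rule {
    id     = "foobar"
    status = "Enabled"

    # Empty prefix = every object. A `filter` block requires
    # delete_marker_replication to be set explicitly.
    filter {
      prefix = ""
    }

    delete_marker_replication {
      status = "Enabled"
    }

    destination {
      bucket        = aws_s3_bucket.destination.arn
      storage_class = "STANDARD"

      # Replication Time Control: 15-minute replication SLA with matching
      # metrics/event threshold (RTC is an additionally charged feature).
      replication_time {
        status = "Enabled"
        time {
          minutes = 15
        }
      }

      metrics {
        status = "Enabled"
        event_threshold {
          minutes = 15
        }
      }
    }
  }
}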

#####################################################
# aws_s3control_multi_region_access_point
#####################################################
# One global endpoint in front of both buckets (one `region` block per bucket,
# each in a different region). Created through the default (Tokyo) provider.
# NOTE(review): the access point's own public-access settings are left at the
# provider's defaults here — confirm they block public access as intended.
resource "aws_s3control_multi_region_access_point" "example" {
  details {
    name = "example"

    # Tokyo bucket
    region {
      bucket = aws_s3_bucket.destination.id
    }

    # Osaka bucket
    region {
      bucket = aws_s3_bucket.source.id
    }
  }
}


