Lab complete!
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool
To test bi-directional replication using the two rules you created, you will upload another object into each of the east and west S3 buckets and observe that it is replicated across to the other bucket. For this step you will need two more test objects:
[Images: test object File #1 and test object File #2]
<your_naming_prefix>-crrlab-us-east-2
<your_naming_prefix>-crrlab-us-west-2
AWS CloudTrail is a service that provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. You will use AWS CloudTrail to explore which Amazon S3 events trigger replication to occur.
Change back to the east AWS region
The CloudFormation template you deployed configured CloudTrail to deliver a trail to CloudWatch Logs. Therefore:
Where it says Select log group(s) select the one named CloudTrail/logs/<your_prefix_name>
Right below that is where you can enter a query
Delete the query that is there and enter the following query. It returns all PutObject requests on S3 buckets:
```
fields @timestamp,
  requestParameters.key AS key,
  requestParameters.bucketName AS bucket,
  userIdentity.invokedBy AS invokedBy,
  userIdentity.arn AS arn,
  userIdentity.sessionContext.sessionIssuer.userName AS UserName
| filter eventName = 'PutObject'
| sort @timestamp desc
| limit 20
```
Click Run query
Look at the results at the bottom of the screen
You are looking for three results, one for each of the test objects you uploaded. Use the key field to see the test object names.
Troubleshooting: If your query returned fewer or more than three results, consult this guide to tuning your Insights query
For these events look at the tabular attributes returned by the query at the bottom of the page
The three events correspond to each of the objects you put into the S3 buckets
The CloudWatch Logs Insights page should look like this:
The result is:
These are optional. They help you to explore and understand bi-directional cross-region replication on Amazon S3.
Look at the Permissions on the <your-naming-prefix>-S3-Replication-Role-… IAM Roles
What happens when you rename an object in one of the buckets?
Switch to the west AWS region and run the same CloudWatch Insights Query there.
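To tell your own uploads apart from writes made on your behalf in either region's results, you can classify each PutObject record by its session issuer. This is an added example, not part of the original lab: the records are constructed, and it assumes replication writes are logged as PutObject events issued under a role whose name contains `S3-Replication-Role`.

```python
import json

# Constructed CloudTrail records, trimmed to the fields the lab's query selects.
# Account ID, user, role and object names are placeholders, not lab output.
SAMPLE_EVENTS = json.loads("""
[
 {"eventName": "PutObject",
  "requestParameters": {"bucketName": "myprefix-crrlab-us-east-2", "key": "test-object-1.png"},
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/labuser"}},
 {"eventName": "PutObject",
  "requestParameters": {"bucketName": "myprefix-crrlab-us-east-2", "key": "test-object-2.png"},
  "userIdentity": {"type": "AssumedRole",
    "arn": "arn:aws:sts::111122223333:assumed-role/myprefix-S3-Replication-Role-example/s3-replication",
    "sessionContext": {"sessionIssuer": {"userName": "myprefix-S3-Replication-Role-example"}}}},
 {"eventName": "GetObject",
  "requestParameters": {"bucketName": "myprefix-crrlab-us-east-2", "key": "test-object-1.png"},
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/labuser"}},
 {"eventName": "PutObject",
  "requestParameters": {"bucketName": "myprefix-crrlab-us-east-2", "key": "test-object-3.png"},
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/labuser"}}
]
""")

ROLE_MARKER = "S3-Replication-Role"  # assumption: substring of the lab's role name


def session_issuer(event):
    """Return sessionIssuer.userName, or '' when the caller is not an assumed role."""
    identity = event.get("userIdentity") or {}
    issuer = (identity.get("sessionContext") or {}).get("sessionIssuer") or {}
    return issuer.get("userName") or ""


def classify_put_objects(events, role_marker=ROLE_MARKER):
    """List (bucket, key, writer) per PutObject; writer is 'replication' or 'direct'."""
    rows = []
    for event in events:
        if event.get("eventName") != "PutObject":
            continue  # same filter as the Insights query
        params = event.get("requestParameters") or {}
        writer = "replication" if role_marker in session_issuer(event) else "direct"
        rows.append((params.get("bucketName"), params.get("key"), writer))
    return rows


if __name__ == "__main__":
    for row in classify_put_objects(SAMPLE_EVENTS):
        print(*row, sep="\t")
```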
You created two S3 buckets in two different AWS regions. You then set up bi-directional cross-region replication (CRR) between the two Amazon S3 buckets. Putting an object in either bucket resulted in the object asynchronously being backed up to the other bucket. Objects encrypted in their original bucket are also encrypted in their replication bucket. Objects are replicated once – replication “looping” is prevented.