AWS S3 Cross‑Region Replication – My Learning Journey

My Story – Persistence Pays Off

I messed up. I accidentally deleted the CRR IAM role and kept asking AI for help. Four hours later, after digging deep and never giving up, the AI finally pointed me to this amazing YouTube video. Using that guidance, I finally managed to copy all 21 files safely. It was a tough ride, but it taught me a lot. We live, we learn, and we keep going!

Why Two IAM Roles & Cross‑Account/Cross‑Region Setup?

• One IAM role in the source account allows S3 to replicate objects.
• Another IAM role in the destination account (for cross-account) allows the source to write safely.
• Any missing role or permission mismatch can block replication and cause “Pending” or “Failed” objects.
• Cross-region replication adds extra complexity with regional endpoints, KMS keys, and bucket policies.

Step‑by‑Step Process

1. Create the source bucket (original region/account).
2. Create the destination bucket (target region/account).
3. Enable versioning on both source and destination buckets (required for replication).
4. Destination account: create IAM role that allows source account to write; set trust policy.
5. Source account: create IAM role for replication; assign permissions and trust S3 service.
6. Enable replication on the source bucket, choose destination bucket, assign roles, set rules.
7. Check bucket policies to allow the replication roles to read/write.
8. Test by uploading an object; check replication status (“COMPLETED”).
9. Debug any errors via CloudTrail, CloudWatch, or S3 metrics.