Overview
This article describes how to set up CDR Replication from the production S3 bucket to another S3 bucket configured in AWS. The procedures below provide step-by-step instructions.
Pre-Requisites
Before you can configure CDR Replication in Amazon S3, the following must be configured.
1. Enabling versioning of S3 buckets
Sign in to the AWS Management Console and open the Amazon S3 console. To enable versioning, do the following:
- In the Buckets list, choose the name of the bucket that you want to enable versioning for.
- Choose Properties.
- Under Bucket Versioning, choose Edit.
- Select Enable.
2. Set a policy in the target bucket on the replication target account
To set the policy on the target bucket, do the following:
1. Edit the Permissions on the target bucket.
2. Set the following policy JSON to allow replication from the production S3 bucket:
{
  "Version": "2012-10-17",
  "Id": "PolicyForDestinationBucket",
  "Statement": [
    {
      "Sid": "Permissions on objects and buckets",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::266643203619:role/service-role/s3crr_role_for_edrs-bucket-produseast1"
      },
      "Action": [
        "s3:List*",
        "s3:GetBucketVersioning",
        "s3:PutBucketVersioning",
        "s3:ReplicateDelete",
        "s3:ReplicateObject"
      ],
      "Resource": [
        "arn:aws:s3:::totogichargingedr",
        "arn:aws:s3:::totogichargingedr/*"
      ]
    },
    {
      "Sid": "Permission to override bucket owner",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::266643203619:root"
      },
      "Action": "s3:ObjectOwnerOverrideToBucketOwner",
      "Resource": "arn:aws:s3:::totogichargingedr/*"
    }
  ]
}
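Before pasting a policy like this into the target bucket, it is worth checking that it grants access only to the production account and only on the target bucket. The following is an added example, not part of the original procedure: the function names, the `REQUIRED` set (the actions the policy above grants by name) and the bad variant are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

SOURCE_ACCOUNT = "266643203619"                 # production account named on this page
BUCKET_ARN = "arn:aws:s3:::totogichargingedr"   # target bucket in the policy above
# Actions the policy above grants by name (the "s3:List*" wildcard is not checked).
REQUIRED = {"s3:ReplicateObject", "s3:ReplicateDelete", "s3:GetBucketVersioning",
            "s3:PutBucketVersioning", "s3:ObjectOwnerOverrideToBucketOwner"}

def as_list(value):
    """Policy elements may be a single string/object or a list of them."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy):
    """Return findings for a parsed bucket policy; an empty list means it passed."""
    findings, granted = [], set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:  # an IAM ARN, a bare account ID, or "*"
            account = arn.split(":")[4] if arn.startswith("arn:aws:iam::") else arn
            if account != SOURCE_ACCOUNT:
                findings.append(f"{sid}: principal {arn} is outside account {SOURCE_ACCOUNT}")
        for res in as_list(stmt.get("Resource", [])):
            if res != BUCKET_ARN and not res.startswith(BUCKET_ARN + "/"):
                findings.append(f"{sid}: resource {res} is outside the target bucket")
        patterns = [a.lower() for a in as_list(stmt.get("Action", []))]  # case-insensitive
        granted |= {r for r in REQUIRED if any(fnmatchcase(r.lower(), p) for p in patterns)}
    findings += [f"missing action {a}" for a in sorted(REQUIRED - granted)]
    return findings

# The two statements of the policy above, written compactly.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Sid": "Permissions on objects and buckets", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::266643203619:role/service-role/s3crr_role_for_edrs-bucket-produseast1"},
  "Action": ["s3:List*", "s3:GetBucketVersioning", "s3:PutBucketVersioning", "s3:ReplicateDelete", "s3:ReplicateObject"],
  "Resource": ["arn:aws:s3:::totogichargingedr", "arn:aws:s3:::totogichargingedr/*"]},
 {"Sid": "Permission to override bucket owner", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::266643203619:root"},
  "Action": "s3:ObjectOwnerOverrideToBucketOwner", "Resource": "arn:aws:s3:::totogichargingedr/*"}]}""")
# Constructed bad variant: open principal, wrong bucket, only the Replicate* actions.
BAD_POLICY = {"Statement": {"Sid": "bad", "Effect": "Allow", "Principal": "*",
                            "Action": "s3:Replicate*", "Resource": "arn:aws:s3:::other-bucket/*"}}

if __name__ == "__main__":
    for name, pol in (("page policy", PAGE_POLICY), ("constructed bad policy", BAD_POLICY)):
        print(name, "->", audit_policy(pol) or "OK")
```

To check your own policy, save it to a file and pass the result of `json.load` to `audit_policy`, after changing `BUCKET_ARN` to your target bucket.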
Configuring the CDR Replication
Once you have completed the Pre-Requisites, please open a support ticket including the following information:
- S3 target AWS account - Found in the top right corner of the AWS Management Console.
- S3 bucket ARN - Found on the Properties tab of the S3 bucket.
- The provider ID of the Totogi OCS tenant
- KMS encryption key - You can create a customer managed KMS key in the target AWS account as follows:
  - Go to https://us-east-1.console.aws.amazon.com/kms/home?region=us-east-1#/kms/keys
  - Click “Create Key”.
  - Select this type of key:
  - Select a name for the key and click Next until you finish the wizard.
  - Open the newly created key, scroll down and click “Add other AWS accounts”.
  - Add the production account 266643203619 and save the changes.
  - Take note of the new key KMS_KEY_ARN
The support team will work with the Infrastructure team to complete the task and update you once the task is completed.