S3 Access to Replicated Data


The following features enable S3 access to data at replicated protected paths:

Replication of S3 Access Key Pairs and Identity Policies

S3 access key pairs and identity policies are replicated between replication peers along with protected path data as follows:

  • For users on external authorization providers that are configured on both the source and the destination peer clusters, access key pairs and identity policies are replicated from the source peer to the destination peer and vice versa. Access keys and identity policies are not replicated for users on the cluster's local provider.

  • Each cluster stores access key pairs and identity policies as either local or remote. Access keys and identity policies that are received by replication from remote peers are stored as remote. Remote access keys and identity policies cannot be modified or deleted, although they can be enabled and disabled. Remote identity policies are disabled by default.

No configuration is required to enable this feature.

Bucket Replication

Bucket replication is a feature that you can choose to enable on the cluster. It recreates buckets on replicated paths with the properties of the source buckets on the replication source peer, which removes the need to create buckets manually in order to enable S3 access to data at replicated paths. It must be enabled on the source peer cluster.

Note

Bucket replication cannot be disabled.

If bucket replication is enabled, any S3 buckets on or under replicated protected paths are automatically recreated at the replication target path, provided the bucket views are configured on the source peer with the S3 default view policy.

If a bucket was created manually on the target with the same name as the equivalent bucket at the source path, the source bucket's properties are applied to the manually created bucket.

The following properties of the source bucket are applied to the target bucket:

  • Object versioning status

  • S3 lock enablement status

  • Object ownership rule

  • Allow anonymous access status

  • Has DB status

  • The bucket policy

Buckets that are created by the bucket replication feature are created as bucket-enabled views with the S3 default view policy of the remote tenant.