How to Set Up Cross-Account S3 Bucket Replication on AWS (Step-by-Step Guide)

If you've ever wanted to automatically replicate files from one AWS S3 bucket in Account A to another in Account B, this guide will show you how to achieve that using AWS S3 Replication. This process is particularly useful for ensuring backup, redundancy, or sharing data across different environments.

Scenario: You have s3bucketA in Account A (source) and s3bucketB in Account B (destination). Whenever you upload a file to s3bucketA, it should automatically appear in s3bucketB.

Prerequisites

  • Two AWS accounts (Account A and Account B)

  • IAM users in both with programmatic access (Access Key + Secret Key)

  • AWS CLI installed and configured for both accounts (using aws configure)

  • Both buckets in the same AWS region

Step-by-Step Setup

Step 1: Create the Source S3 Bucket in Account A

aws s3api create-bucket --bucket s3bucket-a-yourname --region us-east-1

aws s3api put-bucket-versioning \
  --bucket s3bucket-a-yourname \
  --versioning-configuration Status=Enabled

Step 2: Create the Destination S3 Bucket in Account B

aws s3api create-bucket --bucket s3bucket-b-yourname --region us-east-1

aws s3api put-bucket-versioning \
  --bucket s3bucket-b-yourname \
  --versioning-configuration Status=Enabled

Step 3: Add Bucket Policy to Destination Bucket (Account B)

In the AWS Console for s3bucketB:

  • Go to Permissions > Bucket Policy

  • Paste the following JSON:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReplicationFromAccountA",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT_A_ID:root"
      },
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete",
        "s3:ReplicateTags"
      ],
      "Resource": "arn:aws:s3:::s3bucket-b-yourname/*"
    }
  ]
}

Note: Be sure to replace ACCOUNT_A_ID with the actual Account A number.

Step 4: Create IAM Role for Replication in Account A

  1. Go to IAM > Roles in Account A

  2. Click Create Role

  3. Trusted Entity: Select S3

  4. Use Case: S3 - Replication

  5. Permissions Policy (custom):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::s3bucket-a-yourname"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectVersionTagging"
      ],
      "Resource": "arn:aws:s3:::s3bucket-a-yourname/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete",
        "s3:ReplicateTags"
      ],
      "Resource": "arn:aws:s3:::s3bucket-b-yourname/*"
    }
  ]
}
  6. Name the role something like s3-replication-role

  7. Copy the role ARN for the next step

Step 5: Set Up Replication in s3bucketA

In Account A:

  • Go to S3 > s3bucket-a-yourname > Management tab > Replication Rules

  • Create a rule:

    • Scope: Apply to all objects

    • Destination: Select bucket s3bucket-b-yourname or paste full ARN

    • IAM Role: paste the IAM Role ARN created earlier

    • Enable rule

    • Check the box to Change ownership to destination bucket owner
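The three documents behind Steps 3, 4 and 5 (destination bucket policy, role trust policy, replication rule), generated and cross-checked in Python. This is an added example, not the post's own code; account IDs, bucket names and the role name are placeholders. Two points go beyond the post's own policy and are labelled as assumptions in the comments: the bucket policy is scoped to the replication role rather than the account root, and it grants s3:ObjectOwnerOverrideToDestination because Step 5 changes replica ownership.

```python
"""Build and sanity-check the documents for Steps 3-5 (added example; names are placeholders)."""
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")  # AWS account IDs are exactly 12 digits


def check_account_id(account_id: str) -> str:
    """Reject a bucket name (or anything else) where a 12-digit account ID belongs (the Step 6 mistake)."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"not a 12-digit AWS account ID: {account_id!r}")
    return account_id


def destination_bucket_policy(account_a_id: str, role_name: str, dest_bucket: str) -> dict:
    """Step 3 policy for s3bucketB. Assumed hardening vs. the post: principal is the replication
    role, not the account root; ObjectOwnerOverrideToDestination is needed for the Step 5 ownership change."""
    role_arn = f"arn:aws:iam::{check_account_id(account_a_id)}:role/{role_name}"
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowReplicationFromAccountA", "Effect": "Allow",
        "Principal": {"AWS": role_arn},
        "Action": ["s3:ReplicateObject", "s3:ReplicateDelete", "s3:ReplicateTags",
                   "s3:ObjectOwnerOverrideToDestination"],
        "Resource": f"arn:aws:s3:::{dest_bucket}/*"}]}


def replication_role_trust_policy() -> dict:
    """Trust policy the console creates for 'Trusted entity: S3' in Step 4."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"}, "Action": "sts:AssumeRole"}]}


def replication_configuration(role_arn: str, account_b_id: str, dest_bucket: str) -> dict:
    """Step 5 rule in the shape `aws s3api put-bucket-replication --replication-configuration file://x.json` takes."""
    return {"Role": role_arn, "Rules": [{
        "ID": "replicate-all-to-account-b", "Priority": 1, "Status": "Enabled",
        "Filter": {"Prefix": ""},  # scope: all objects
        "DeleteMarkerReplication": {"Status": "Disabled"},
        "Destination": {
            "Bucket": f"arn:aws:s3:::{dest_bucket}",
            "Account": check_account_id(account_b_id),  # required alongside AccessControlTranslation
            "AccessControlTranslation": {"Owner": "Destination"}}}]}


def cross_check(bucket_policy: dict, replication_cfg: dict) -> bool:
    """Values that must agree across accounts: the role Account B trusts is the role the rule runs as,
    and both documents name the same destination bucket."""
    stmt = bucket_policy["Statement"][0]
    dest = replication_cfg["Rules"][0]["Destination"]
    return (stmt["Principal"]["AWS"] == replication_cfg["Role"]
            and stmt["Resource"] == dest["Bucket"] + "/*")
```

Write each dict out with json.dumps to a file and feed it to put-bucket-policy, create-role and put-bucket-replication respectively; cross_check catches the mismatch the author hit before any CLI call is made.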

Step 6: Test the Replication

In Account A: I uploaded some screenshot files.

Then in Account B: The uploaded screenshot files should also be present in the S3 bucket of Account B.

Mistake I made before it was successful: I mistakenly put the source bucket name in the bucket policy instead of Account A's ID, so make sure to double-check your values.

Conclusion

  • AWS S3 Replication is a powerful feature for cross-account backups or syncing.

  • You must enable versioning on both buckets.

  • Double-check bucket policies, IAM role trust relationships, and role permissions.

This guide helped me troubleshoot real issues and understand the finer details of cross-account permissions and S3 behavior. I'll be including screenshots of the setup and IAM policies in the full blog version.

Written by

Adesokan Yusuf Segun