I have a .zip file (in an S3 bucket) that needs to end up in an S3 bucket in every region within a single account.
Each of those buckets have identical bucket policies that allow for my account to upload files to them, and they all follow the same naming convention, like this:
foobar-{region}
ex: foobar-us-west-2
Is there a way to do this without manually dragging the file in the console into every bucket, or using the aws s3api copy-object command 19 times? This may need to happen fairly frequently as the file is updated, so I'm looking for a more efficient way to do it.
One way I thought about doing it was by making a lambda that has an array of all 19 regions I need, then loop through them to create 19 region-specific bucket names, each of which will have the object copied into it.
Is there a better way?
Just simply putting it into bash function. By using aws cli and jq you can do the following;
aws s3api list-buckets | jq -rc .Buckets[].Name | while read i; do
echo "Bucket name: ${i}"
aws s3 cp your_file_name s3://${i}/
done
A few options:
An AWS Lambda function could be triggered upon upload. It could then confirm whether the object should be replicated (eg I presume you don't want to copy every file that is uploaded?), then copy them out. Note that it can take quite a while to copy to all regions.
Use Cross-Region Replication to copy the contents of a bucket (or sub-path) to other buckets. This would be done automatically upon upload.
Write a bash script or small Python program to run locally that will copy the file to each location. Note that it is more efficient to call copy_object() to copy the file from one S3 bucket to another rather than uploading 19 times. Just upload to the first bucket, then copy from there to the other locations.
Related
I am looking for a way to copy from an S3 bucket in one region to another S3 bucket in a different region via a python script.
I am able to do it using AWS CLI using:
aws s3 cp source-bucket target-bucket --recursive --source-region region1 --region region2
However, I want to see if similar is possible within python script using boto3.
Whatever I have researched seems to work for same region using boto3.resource and resource.meta.cleint.copy
Amazon S3 can only 'copy' one object at a time.
When you use that AWS CLI command, it first obtains a list of objects in the source bucket and then calls copy_object() once for each object to copy (it uses multithreading to do multiple copies simultaneously).
You can write your own python script to do the same thing. (In fact, the AWS CLI is a Python program!) Your code would also need to call list_objects_v2() and then call copy_object() for each object to copy.
Given that the buckets are in different regions, you would send the commands to destination region, referencing the source region, for example:
s3_client = boto3.client('s3', region_name='destination-region-id)
response = s3_client.copy_object(Bucket=..., Key=..., CopySource={'Bucket': 'source-bucket', 'Key': 'source-key'})
I have a bucket with few milions objects with IntelligentTiering configuration accidentally applied and placed some files in Glacier.
Any ideas how to:
Move s3 entire bucket from IntelligentTiering to STANDARD
Permanently unarchive the frozen objects in the entire bucket
I had a similar situation and it's not straightforward. I was backing up my camera photos in Glacier tier and was not able to convert it. However, using CLI you can follow these steps to get it done.
STEP 1 - RESTORE OBJECTS
aws s3api restore-object --bucket bucketName --restore-request '{"Days":4,"GlacierJobParameters":{"Tier":"Standard"}}' --key "folderStructureToBeRestored/"
STEP 2 - CHECK HEAD (Do it periodically every hour to find if restore is completed by AWS)
aws s3api head-object --bucket bucketName --key "folderStructureToBeRestored/"
STEP 3 - CHANGE TIER
aws s3 cp s3://bucketName/path s3://bucketName/newPath --storage-class STANDARD --recursive --force-glacier-transfer
Move s3 entire bucket from IntelligentTiering to STANDARD
S3 lifecycles will not work for that. So you have to do it "manually". I would look at S3 Batch Operations:
Use S3 Batch Operations to copy objects and set object tags or access control lists (ACLs). You can also initiate object restores from Amazon S3 Glacier or invoke an AWS Lambda function to perform custom actions using your objects.
Copy objects actions allows for "changing an object's storage class".
Permanently unarchive the frozen objects in the entire bucket
S3 Batch could also be used.
I am using S3 replication to copy a bucket across AWS accounts (both are in the same region).
When originally I set up the replication I didn't notice that I had to check the "change ownership" box in order to allow access to the objects in the destination bucket (the original bucket is using AES-256 encryption).
I realized this after I have a couple of Terabytes already copied over to the other account.
Is there any way to update the existing copied objects in the destination bucket to allow access so that I do not have to copy them all over again?
FYI - To perform the copy I used cross-region replication with the copy to itself method as shown here in an AWS knowledge center page (see the " Use cross-Region replication or same-Region replication " section)-
https://aws.amazon.com/premiumsupport/knowledge-center/s3-large-transfer-between-buckets/
If anyone knows of a faster or better way I am all ears!!
You can iterate through all the objects and update the ACL. This needs to be done using credentials from the originating "owner" account of the object.
aws s3api put-object-acl --bucket XX --key XX --acl bucket-owner-full-control
I just did an experiment:
Copied an object from Account-A to Account-B
Account-B could not run the above command because it was not the bucket owner
Account-A could run the command
After that, Account-B could run the command, indicating that ownership had changed
The easiest method would be to write a small script (eg in Python) that gets a listing of the bucket and issues the put_object_acl() command using credentials from the original account. Or, if you don't feel confident writing that, simply create an Excel spreadsheet with the filenames and a formula to generate the above command.
It would be best to run the commands from an Amazon EC2 instance in the same region as the bucket, since communications will be faster than doing it from your own computer.
I need to clone a cross-bucket copied file as below:
# 1. copying file A -> file_B
aws s3 cp s3://bucket_a/file_A s3://bucket_b/file_B
# 2. cloning file_B -> file_C
aws s3 cp s3://bucket_b/file_B s3://bucket_b/file_C
Is there shorter/better way to do so?
EDIT:
bucket_a -> bucket_b is cross region (bucket_a and bucket_b are on the other side of earth)
file_B and file_C have the same name but with different prefix (so it's like bucket_b/prefix_a/file_B and bucket_b/prefix_b/file_B)
in summary, I want the file_A in a origin bucket_a to be copied in two places of the destination bucket_b, looking for a way to copy once instead of copy twice
The AWS Command-Line Interface (CLI) can copy multiple files, but each file is only copied once.
If your goal is to replicate the contents of a bucket to another bucket, you could use Cross-Region Replication (CRR) - Amazon Simple Storage Service but it only works between regions and it only copies objects that are stored after CRR is activated.
You can always write a script or program yourself using an AWS SDK to do whatever you wish.
I'm trying to copy Amazon AWS S3 objects between two buckets in two different regions with Amazon AWS PHP SDK v3. This would be a one-time process, so I don't need cross-region replication. Tried to use copyObject() but there is no way to specify the region.
$s3->copyObject(array(
'Bucket' => $targetBucket,
'Key' => $targetKeyname,
'CopySource' => "{$sourceBucket}/{$sourceKeyname}",
));
Source:
http://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectUsingPHP.html
You don't need to specify regions for that operation. It'll find out the target bucket's region and copy it.
But you may be right, because on AWS CLI there is source region and target region attributes which do not exist on PHP SDK. So you can accomplish the task like this:
Create an interim bucket in the source region.
Create the bucket in the target region.
Configure replication from the interim bucket to target one.
On interim bucket set expiration rule, so files will be deleted after a short time automatically from the interim bucket.
Copy objects from source bucket to interim bucket using PHP SDK.
All your objects will also be copied to another region.
You can remove the interim bucket one day later.
Or use just cli and use this single command:
aws s3 cp s3://my-source-bucket-in-us-west-2/ s3://my-target-bucket-in-us-east-1/ --recursive --source-region us-west-2 --region us-east-1
Different region bucket could also be different account. What others had been doing was to copy off from one bucket and save the data temporary locally, then upload to different bucket with different credentials. (if you have two regional buckets with different credentials).
Newest update from CLI tool allows you to copy from bucket to bucket if it's under the same account. Using something like what Çağatay Gürtürk mentioned.