Add S3 Replication KMS functionality #1013

Merged
merged 4 commits into from
Oct 11, 2024

ASTRobinson

Key Changes
S3 Bucket Configuration:

  • Defined and configured replication rules with KMS encryption.
  • Enabled cross-account replication, ensuring that objects replicated to the destination bucket are encrypted using a customer-managed KMS key.
  • Switch back to v2 configuration, adding delete marker replication enabled (previously switched due to referencing out-of-date documentation).

IAM Role and Policy for Replication:

  • Refactored IAM role with the required permissions to handle cross-account replication with KMS encryption.

KMS Key Configuration:

  • Ensured that the destination bucket uses a customer-managed KMS key (moj-cur-reports-key) which is owned by the destination account for cross-account replication.

Replication Rules

  • replica_kms_key_id - KMS key used for replicating objects
  • metrics - Replication metrics are enabled for monitoring and troubleshooting.
  • deletemarker - Enabled for versioned objects, ensuring that delete markers are replicated to the destination bucket.
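
An added sketch of the replication rule shape this description refers to, written against the AWS provider's `aws_s3_bucket_replication_configuration` resource. It is not the code merged in this PR; the resource name, rule id and all variables are placeholders.

```hcl
# Added example, not the PR's code. All variable values are placeholders.
variable "source_bucket_id" { type = string }        # versioning must be enabled on this bucket
variable "replication_role_arn" { type = string }    # IAM role S3 assumes to replicate
variable "destination_bucket_arn" { type = string }  # bucket in the destination account
variable "destination_kms_key_arn" { type = string } # customer-managed key owned by the destination account

resource "aws_s3_bucket_replication_configuration" "example" {
  bucket = var.source_bucket_id
  role   = var.replication_role_arn

  rule {
    id       = "replicate-with-kms" # hypothetical rule id
    status   = "Enabled"
    priority = 1

    # A filter block selects the V2 rule schema, which
    # delete_marker_replication depends on.
    filter {}

    delete_marker_replication {
      status = "Enabled"
    }

    # Without this opt-in, SSE-KMS encrypted source objects are not replicated.
    source_selection_criteria {
      sse_kms_encrypted_objects {
        status = "Enabled"
      }
    }

    destination {
      bucket = var.destination_bucket_arn

      # Replicas are re-encrypted under the destination account's key.
      encryption_configuration {
        replica_kms_key_id = var.destination_kms_key_arn
      }

      metrics {
        status = "Enabled"
      }
    }
  }
}
```

For the rule to work across accounts, the replication role needs `kms:Decrypt` on the source key and `kms:Encrypt` on the destination key, and the destination key policy must allow that role as a principal.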


github-actions bot commented Oct 11, 2024

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ REPOSITORY gitleaks yes no 0.67s
✅ REPOSITORY trivy yes no 14.48s
✅ TERRAFORM terraform-fmt 4 0 0.23s
✅ TERRAFORM tflint yes no 11.53s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@ASTRobinson ASTRobinson marked this pull request as ready for review October 11, 2024 11:26
@ASTRobinson ASTRobinson requested a review from a team as a code owner October 11, 2024 11:26

@connormaglynn connormaglynn left a comment


🚀 Looks Good To Me!

@connormaglynn connormaglynn merged commit c50005d into main Oct 11, 2024
7 checks passed
@connormaglynn connormaglynn deleted the feature/s3-replication-update branch October 11, 2024 12:31