S3 bucket replication (cross-region or same-region) is not enabled Affecting S3 service in AWS

    Severity Framework Snyk CCSS
    Rule category Availability / Redundancy

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
    CIS-Controls CSA-CCM ISO-27001 NIST-800-53 PCI-DSS SOC-2
  • Snyk ID SNYK-CC-00177
  • credit Snyk Research Team


Cross-Region S3 replication can help with meeting compliance requirements, minimizing latency, and increasing operational efficiency. Same-Region S3 replication can help with aggregating logs and compliance with data sovereignty laws.

How to fix?

Configure a replication_configuration block that specifies an IAM role for replicating objects and rules managing the replication.

Example Configuration

resource "aws_s3_bucket" "bucket" {
  provider = "aws.central"
  bucket   = "valid-replication-host"
  acl      = "private"

  versioning {
    enabled = true

  replication_configuration {
    role = "${aws_iam_role.replication.arn}"

    rules {
      id     = "ruleid"
      prefix = "ruleprefix"
      status = "Enabled"

      destination {
        bucket        = "${aws_s3_bucket.destination.arn}"
        storage_class = "STANDARD"
  # other required fields here