alicloud_oss_bucket_replication
更新时间:
Provides an independent replication configuration resource for OSS bucket.
For information about OSS replication and how to use it, see What is cross-region replication and What is same-region replication.
-> NOTE: Available since v1.161.0.
Example Usage
Set bucket replication configuration
resource "random_integer" "default" {
max = 99999
min = 10000
}
resource "alicloud_oss_bucket" "bucket_src" {
bucket = "example-src-${random_integer.default.result}"
}
resource "alicloud_oss_bucket" "bucket_dest" {
bucket = "example-dest-${random_integer.default.result}"
}
resource "alicloud_ram_role" "role" {
name = "example-role-${random_integer.default.result}"
document = <<EOF
{
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"oss.aliyuncs.com"
]
}
}
],
"Version": "1"
}
EOF
description = "this is a test"
force = true
}
resource "alicloud_ram_policy" "policy" {
policy_name = "example-policy-${random_integer.default.result}"
policy_document = <<EOF
{
"Statement": [
{
"Action": [
"*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
}
EOF
description = "this is a policy test"
force = true
}
resource "alicloud_ram_role_policy_attachment" "attach" {
policy_name = alicloud_ram_policy.policy.name
policy_type = alicloud_ram_policy.policy.type
role_name = alicloud_ram_role.role.name
}
resource "alicloud_kms_key" "key" {
description = "Hello KMS"
pending_window_in_days = "7"
status = "Enabled"
}
resource "alicloud_oss_bucket_replication" "cross-region-replication" {
bucket = alicloud_oss_bucket.bucket_src.id
action = "PUT,DELETE"
historical_object_replication = "enabled"
prefix_set {
prefixes = ["prefix1/", "prefix2/"]
}
destination {
bucket = alicloud_oss_bucket.bucket_dest.id
location = alicloud_oss_bucket.bucket_dest.location
}
sync_role = alicloud_ram_role.role.name
encryption_configuration {
replica_kms_key_id = alicloud_kms_key.key.id
}
source_selection_criteria {
sse_kms_encrypted_objects {
status = "Enabled"
}
}
}
Argument Reference
The following arguments are supported:
bucket- (Required, ForceNew) The name of the bucket.prefix_set- (Optional, ForceNew) The prefixes used to specify the object to replicate. Only objects that match the prefix are replicated to the destination bucket. Seeprefix_setbelow.destination- (Required, ForceNew) Specifies the destination for the rule. Seedestinationbelow.action- (Optional, ForceNew) The operations that can be synchronized to the destination bucket. You can set action to one or more of the following operation types. Valid values:ALL(contains PUT, DELETE, and ABORT),PUT,DELETEandABORT. Defaults toALL.historical_object_replication- (Optional, ForceNew) Specifies whether to replicate historical data from the source bucket to the destination bucket before data replication is enabled. Can beenabledordisabled. Defaults toenabled.sync_role- (Optional, ForceNew) Specifies the role that you authorize OSS to use to replicate data. If SSE-KMS is specified to encrypt the objects replicated to the destination bucket, it must be specified.source_selection_criteria- (Optional, ForceNew) Specifies other conditions used to filter the source objects to replicate. Seesource_selection_criteriabelow.encryption_configuration- (Optional, ForceNew) Specifies the encryption configuration for the objects replicated to the destination bucket. Seeencryption_configurationbelow.progress- (Optional) Specifies the progress for querying the progress of a data replication task of a bucket.
prefix_set
The prefix_set configuration block supports the following:
prefixes- (Required, ForceNew) The list of object key name prefix identifying one or more objects to which the rule applies.
NOTE: The prefix must be less than or equal to 1024 characters in length.
destination
The destination configuration block supports the following:
bucket- (Required, ForceNew) The destination bucket to which the data is replicated.location- (Required, ForceNew) The region in which the destination bucket is located.transfer_type- (Optional, ForceNew) The link used to transfer data in data replication.. Can beinternaloross_acc. Defaults tointernal.
NOTE: You can set transfer_type to oss_acc only when you create cross-region replication (CRR) rules.
source_selection_criteria
The source_selection_criteria configuration block supports the following:
sse_kms_encrypted_objects- (Optional, ForceNew) Filter source objects encrypted by using SSE-KMS. Seesse_kms_encrypted_objectsbelow.
source_selection_criteria-sse_kms_encrypted_objects
The sse_kms_encrypted_objects configuration block supports the following:
status- (Optional, ForceNew) Specifies whether to replicate objects encrypted by using SSE-KMS. Can beEnabledorDisabled.
encryption_configuration
The encryption_configuration configuration block supports the following:
replica_kms_key_id- (Required, ForceNew) The CMK ID used in SSE-KMS.
NOTE: If the status of sse_kms_encrypted_objects is set to Enabled, you must specify the replica_kms_key_id.
Attributes Reference
The following attributes are exported:
id- The current replication configuration resource ID. Composed of bucket name and rule_id with format<bucket>:<rule_id>.rule_id- The ID of the data replication rule.status- The status of the data replication task. Can be starting, doing and closing.progress- Retrieves the progress of the data replication task. This status is returned only when the data replication task is in the doing state.historical_object- The percentage of the replicated historical data. This element is valid only when historical_object_replication is set to enabled.new_object- The time used to distinguish new data from historical data. Data that is written to the source bucket before the time is replicated to the destination bucket as new data. The value of this element is in GMT.
Import
Oss Bucket Replication can be imported using the id, e.g.
$ terraform import alicloud_oss_bucket_replication.example
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
delete- (Defaults to 30 mins) Used when delete a data replication rule (until the data replication task is cleared).
反馈
- 本页导读 (0)
文档反馈