hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: For resource aws_s3_bucket_replication_configuration add support for replication between S3 Outposts buckets #33130

Open andre1704 opened 1 year ago

andre1704 commented 1 year ago

Description

On AWS, when you create an S3 bucket on an Outpost it is possible to add replication between Outposts buckets, as described in the documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-between-outposts.html. To set up such replication you need to provide:

which is not possible with aws_s3_bucket_replication_configuration. So I would like to ask about adding such a feature, which would allow us to use this resource to create a replication between two buckets on the Outpost.

Affected Resource(s) and/or Data Source(s)

aws_s3_bucket_replication_configuration

Potential Terraform Configuration

In resource aws_s3_bucket_replication_configuration, the field bucket could support the Outposts access point, or another field that we could use instead of bucket, like bucket_access_point, could be added as the source for the replication.

In the destination configuration, the field bucket could accept the Outposts access point as well, or we could add another field like bucket_access_point.

References

To make sure that the current settings do not support it, I have tested the code below:

variable "vpc_id" {
  type        = string
  description = "vpc id"
}

variable "outpost_id" {
  type        = string
  description = "outpost id"
}

resource "aws_s3control_bucket" "bucket_name" {
  bucket     = "test0001"
  outpost_id = var.outpost_id
}

resource "aws_s3control_bucket" "bucket_name2" {
  bucket     = "test0002"
  outpost_id = var.outpost_id
}

resource "aws_s3_access_point" "op_access_point" {
  bucket = aws_s3control_bucket.bucket_name.id
  name   = "ap-test0001"

  vpc_configuration {
    vpc_id = var.vpc_id
  }
}

resource "aws_s3_access_point" "op_access_point2" {
  bucket = aws_s3control_bucket.bucket_name2.id
  name   = "ap-test0002"

  vpc_configuration {
    vpc_id = var.vpc_id
  }
}

data "aws_iam_policy_document" "source_bucket_replication_role" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["s3-outposts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy" "s3_replication_role" {

  role = aws_iam_role.s3_replication_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
            "s3-outposts:GetObjectVersionForReplication",
            "s3-outposts:GetObjectVersionTagging"
        ]
        Effect = "Allow"
        Resource = [
            "${aws_s3control_bucket.bucket_name.arn}/object/*",
            "${aws_s3_access_point.op_access_point.arn}/object/*"
        ]
      },
      {
        Action = [
            "s3-outposts:ReplicateObject",
            "s3-outposts:ReplicateDelete"
        ]
        Effect = "Allow"
        Resource = [
            "${aws_s3control_bucket.bucket_name2.arn}/object/*",
            "${aws_s3_access_point.op_access_point2.arn}/object/*"
        ]
      }
    ]
  })
}

resource "aws_iam_role" "s3_replication_role" {
  name = "s3-replication-role-outpost-test01"
  assume_role_policy = data.aws_iam_policy_document.source_bucket_replication_role.json
}

resource "aws_s3_bucket_replication_configuration" "outpost_replication" {
  bucket = aws_s3control_bucket.bucket_name.id
  role   = aws_iam_role.s3_replication_role.arn
  rule {
    status = "Enabled"
    filter {}
    delete_marker_replication {
      status = "Enabled"
    }
    priority = 1

    destination {
      bucket = aws_s3_access_point.op_access_point2.arn
      access_control_translation {
        owner = "Destination"
      }
      replication_time {
        time {
          minutes = 15
        }
        status = "Enabled"
      }
      metrics {
        status = "Enabled"
        event_threshold {
          minutes = 15
        }
      }
    }
  }
}

And I got an error:

Error: expected length of bucket to be in the range (1 - 63), got arn:aws:s3-outposts:us-west-2:xxxxxxxx:outpost/op-xxxxxxxxxxx/bucket/test0001

Would you like to implement a fix?

None
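The error above comes from the provider validating `bucket` as a plain S3 bucket name (1 to 63 characters), while S3 on Outposts identifies buckets and access points by ARN. The following Python snippet is an added example, not code from the issue or from the provider: it parses the two Outposts ARN forms the issue refers to (bucket ARN and access point ARN), classifies what a `bucket` value actually is, and reproduces the length check that rejected the ARN. The function names, the regular expression and the sample ARNs (account id and outpost id) are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Constructed sample values (not from a real account): the three forms the
# issue deals with, a plain bucket name and the two S3 Outposts ARN shapes.
BUCKET_NAME = "test0001"
OUTPOST_BUCKET_ARN = (
    "arn:aws:s3-outposts:us-west-2:111122223333:"
    "outpost/op-0123456789abcdef0/bucket/test0001"
)
OUTPOST_ACCESS_POINT_ARN = (
    "arn:aws:s3-outposts:us-west-2:111122223333:"
    "outpost/op-0123456789abcdef0/accesspoint/ap-test0001"
)

# Shape of an S3 Outposts ARN: the resource part is
# outpost/<outpost-id>/bucket/<name> or outpost/<outpost-id>/accesspoint/<name>.
_OUTPOST_ARN = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):s3-outposts:"
    r"(?P<region>[a-z0-9-]+):(?P<account>\d{12}):"
    r"outpost/(?P<outpost_id>op-[0-9a-f]+)/"
    r"(?P<kind>bucket|accesspoint)/(?P<name>[^/]+)$"
)

# Plain bucket names: lowercase letters, digits, dots and hyphens, 1-63 chars.
_BUCKET_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{0,61}[a-z0-9]$|^[a-z0-9]$")


def parse_outpost_arn(value: str) -> Optional[dict]:
    """Return the components of an S3 Outposts ARN, or None if it is not one."""
    match = _OUTPOST_ARN.match(value)
    return match.groupdict() if match else None


def classify_bucket_field(value: str) -> str:
    """Say what kind of identifier a `bucket` value is."""
    parsed = parse_outpost_arn(value)
    if parsed is not None:
        return "outpost-bucket-arn" if parsed["kind"] == "bucket" else "outpost-accesspoint-arn"
    if _BUCKET_NAME.match(value):
        return "bucket-name"
    return "invalid"


def validate_as_bucket_name(value: str) -> Tuple[bool, str]:
    """Reproduce the length check behind the error quoted in the issue.

    Returns (ok, message); the message mirrors the provider's wording.
    """
    if not 1 <= len(value) <= 63:
        return False, f"expected length of bucket to be in the range (1 - 63), got {value}"
    return True, ""


def replication_pair_accepted(source: str, destination: str) -> bool:
    """True only when both sides would pass the plain-bucket-name check,
    which is exactly the case the issue says is too narrow for Outposts."""
    return validate_as_bucket_name(source)[0] and validate_as_bucket_name(destination)[0]


if __name__ == "__main__":
    for value in (BUCKET_NAME, OUTPOST_BUCKET_ARN, OUTPOST_ACCESS_POINT_ARN):
        ok, msg = validate_as_bucket_name(value)
        print(f"{classify_bucket_field(value):24} accepted={ok} {msg}")
```

Running it shows the plain name passing and both ARN forms failing with the same message as the issue, which is the validation a fix would have to relax (or route to a separate field such as the proposed `bucket_access_point`).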

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue