🎯 Mục tiêu Task 16: Setup S3 Cross-Region Replication - DISASTER RECOVERY + BACKUP
Task 16 enable cross-region backup:
Backup Strategy: Primary Region (ap-southeast-1) → Backup Region (ap-northeast-1)
S3 Console → Review existing buckets:
Critical buckets cần backup:
High Priority:
vinashoes-product-images: Product catalog images
vinashoes-artifacts-prod: CI/CD build artifacts
Medium Priority:
vinashoes-cloudtrail-logs: Audit trail logs
vinashoes-aws-config: Configuration snapshots
Low Priority:
vinashoes-temp-uploads: Temporary files
Disaster Recovery Matrix:
Region Strategy:
Primary: ap-southeast-1 (Singapore)
Backup: ap-northeast-1 (Tokyo)
Replication Rules:
Product Images: Full replication (business critical)
CI/CD Artifacts: Selective replication (recent builds only)
Logs: Archive to Glacier in backup region
S3 Console → Create bucket (ap-northeast-1):
Basic Configuration:
Settings:
Advanced:
S3 Console → Create bucket (ap-northeast-1):
Basic Configuration:
Lifecycle Configuration:
IAM Console → Roles → Create role:
Trusted Entity:
Permissions Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTagging"
],
"Resource": [
"arn:aws:s3:::vinashoes-product-images/*",
"arn:aws:s3:::vinashoes-artifacts-prod/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags"
],
"Resource": [
"arn:aws:s3:::vinashoes-product-images-backup-apne1/*",
"arn:aws:s3:::vinashoes-artifacts-backup-apne1/*"
]
}
]
}
S3 Console → vinashoes-product-images → Management → Replication:
Create Replication Rule:
Rule Scope:
Destination:
Additional Options:
S3 Console → vinashoes-artifacts-prod → Management → Replication:
Create Replication Rule:
Rule Scope:
Destination:
Additional Options:
S3 Console → vinashoes-product-images → Upload:
Test Product Image:
Check Replication:
CloudWatch Console → Metrics → S3:
Replication Metrics:
Setup Alerts:
CLI Reference:
# Test upload file
aws s3 cp test-image.jpg s3://vinashoes-product-images/
# Check replication status
aws s3api head-object \
--bucket vinashoes-product-images \
--key test-image.jpg \
--query 'ReplicationStatus'
# Verify in destination
aws s3 ls s3://vinashoes-product-images-backup-apne1/
Test scenario: Singapore region unavailable
Access Backup Region:
Application Failover:
Data Verification:
⚠️ Cảnh báo: Việc clean up sẽ xóa vĩnh viễn dữ liệu backup và replication rules. Hãy đảm bảo không còn cần thiết trước khi thực hiện!
Xóa replication rules:
# Xóa replication rule cho product images
aws s3api delete-bucket-replication \
--bucket vinashoes-product-images \
--id ProductImagesBackup
# Xóa replication rule cho artifacts
aws s3api delete-bucket-replication \
--bucket vinashoes-artifacts-prod \
--id ArtifactsBackup
Xóa backup buckets:
# Xóa tất cả objects trong backup buckets
aws s3 rm s3://vinashoes-product-images-backup-apne1 --recursive
aws s3 rm s3://vinashoes-artifacts-backup-apne1 --recursive
# Xóa backup buckets
aws s3 rb s3://vinashoes-product-images-backup-apne1
aws s3 rb s3://vinashoes-artifacts-backup-apne1
Xóa IAM role:
# Detach policy và xóa role
aws iam detach-role-policy \
--role-name VinaShoesS3ReplicationRole \
--policy-arn arn:aws:iam::aws:policy/service-role/AmazonS3ReplicationRole
aws iam delete-role --role-name VinaShoesS3ReplicationRole
📋 Lưu ý khi clean up:
💰 Phân tích chi phí S3 Cross-Region Replication
| Storage Class | Primary Region (Singapore) | Backup Region (Tokyo) | Ghi chú |
|---|---|---|---|
| Standard | $0.023/GB/tháng | $0.025/GB/tháng | Hot data |
| Standard-IA | $0.0125/GB/tháng | $0.0138/GB/tháng | Infrequent access |
| Glacier | $0.004/GB/tháng | $0.0044/GB/tháng | Archive |
| Component | Chi phí | Ghi chú |
|---|---|---|
| Data Transfer (CRR) | $0.02/GB | Transfer từ Singapore → Tokyo |
| Replication Time Control | $0.015/GB | Nếu enable RTC |
| Requests | $0.005/1,000 requests | API calls cho replication |
| Storage (Backup) | Tùy storage class | Nhân đôi storage costs |
| Component | Chi phí | Ghi chú |
|---|---|---|
| Primary Storage (100GB) | $2.30/tháng | Standard class |
| Backup Storage (100GB) | $2.50/tháng | Standard class |
| Data Transfer (Initial) | $2.00 | One-time setup |
| Replication (Ongoing) | $0.20/tháng | Per GB changes |
| Tổng cộng | ~$7.00/tháng | Plus initial $2 |
| Scenario | Estimated Monthly Cost | Optimization Tips |
|---|---|---|
| Small E-commerce (10GB) | $1-2 | Use IA cho backup |
| Medium E-commerce (1TB) | $50-100 | Selective replication |
| Large E-commerce (10TB+) | $500+ | Glacier cho archive |
| Development/Test | $0.50-1 | Small test data |
| Metric | Without CRR | With CRR | Savings/Benefit |
|---|---|---|---|
| Data Durability | 99.999999999% | 99.999999999% | Same, but geo-redundant |
| RTO (Recovery Time) | Hours-Days | Minutes | Faster recovery |
| Business Impact | High | Low | Reduced downtime costs |
| Compliance | Partial | Full | Meet DR requirements |
| Annual Cost | $0 | $84 | Cost of protection vs risk |
💡 Cost Optimization Tips: