
Missing or Disabled S3 Cross-Region Replication Rule

Overview

This S3 bucket either has no Cross-Region Replication rule attached, or has at least one Cross-Region Replication rule attached that is not enabled. Cross-Region Replication rules replicate objects and their metadata to buckets in other AWS Regions.

Remediation details:
If a Cross-Region Replication rule does not exist, please refer to the AWS user guide to create a rule and provision access as needed.

The remediation guide provides directions on how to enable a disabled Cross-Region Replication rule. Depending on your use case, you may need to copy or sync objects manually, because re-enabling a Cross-Region Replication rule does not trigger replication of previously created objects. See the referenced AWS user guide links for more detail.

If a Cross-Region Replication rule is no longer necessary, you may want to remove it as part of addressing this issue.
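The condition described in the Overview can be evaluated offline against the JSON that `aws s3api get-bucket-replication` returns. The following is an added example, not code from this page or its vendor. The bucket names, account ID, role name and Region map are constructed, and treating any disabled cross-Region rule as a finding is this example's reading of the Overview.

```python
import json

# Constructed sample shaped like `aws s3api get-bucket-replication` output.
SAMPLE = json.loads("""
{"ReplicationConfiguration": {
  "Role": "arn:aws:iam::111122223333:role/example-replication-role",
  "Rules": [
    {"ID": "to-dr", "Status": "Disabled",
     "Destination": {"Bucket": "arn:aws:s3:::example-dr-bucket"}},
    {"ID": "to-local-copy", "Status": "Enabled",
     "Destination": {"Bucket": "arn:aws:s3:::example-local-copy"}}
  ]}}
""")

# Constructed bucket -> Region map (what get-bucket-location would report).
REGIONS = {"example-dr-bucket": "eu-west-1", "example-local-copy": "us-east-1"}


def classify(source_region, response, bucket_regions):
    """Return (verdict, rule_ids) where verdict is MISSING, DISABLED or OK.

    `response` is None when the bucket has no replication configuration
    (the API answers ReplicationConfigurationNotFoundError in that case).
    """
    rules = (response or {}).get("ReplicationConfiguration", {}).get("Rules", [])
    cross_region = []
    for rule in rules:
        # The destination ARN carries only the bucket name, not its Region.
        dest = rule["Destination"]["Bucket"].rsplit(":", 1)[-1]
        # Unknown destination Region: do not count the rule as cross-Region,
        # so the bucket is reported rather than silently passed.
        if bucket_regions.get(dest, source_region) != source_region:
            cross_region.append(rule)
    if not cross_region:
        return "MISSING", []
    disabled = [r.get("ID", "") for r in cross_region if r.get("Status") != "Enabled"]
    # Assumption: any disabled cross-Region rule raises the finding.
    return ("DISABLED", disabled) if disabled else ("OK", [])


if __name__ == "__main__":
    print(classify("us-east-1", SAMPLE, REGIONS))
```

A same-Region rule, such as `to-local-copy` in the sample, does not satisfy the check even when enabled, which is why the destination bucket's Region has to be looked up separately.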

Vendor

AWS

Cloud Service

S3

PCI DSS 2.2

CSMM v1 BCR-04.3, S3.7

References

https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-how-setup.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/disable-replication.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-what-is-isnot-replicated.html

Severity

1

Item Types

AWS::S3::Bucket