Connect and Configure Cross-Region-Replication for Purity CloudSnap AWS S3 Buckets with Pure Cloud Block Store
Introduction
This document illustrates how to use Purity CloudSnap™ to offload to a bucket and then replicate to another bucket by leveraging S3 cross-region replication (CRR). This provides a third copy of the data located outside the source region, which can be recovered on demand to a new Cloud Block Store in that region. This scenario can be used as an inter-region cold disaster recovery or as a long-term data archive.
To learn more about CloudSnap, refer to the CloudSnap Best Practices and Users Guide. You can also check Cody Hosterman's blog post Configuring FlashArray Offload to AWS S3.
Architecture
The diagram below shows the architecture this document aims to achieve. Region X refers to the source region and Region Y to the destination region. The replicated bucket "Bucket-2" can be used in case of a disaster or whenever the data needs to be recovered in that region. This is achieved by deploying a new CBS, connecting the bucket, and restoring the offloaded snapshot.
Requirements
- This guide uses Cloud Block Store as the source array, where CloudSnap is enabled by default. If FlashArray is used instead, follow Steps to Install CloudSnap to install and enable CloudSnap.
- This guide uses AWS S3 as the replication/offload target. Users need an AWS account where S3 buckets can be created and configured.
- CloudSnap uses the replication interfaces and runs over HTTPS, so make sure to add port 443 to the CBS replication security group.
Create AWS S3 Buckets
Authentication
Configure Replication Rule
The replication is configured to be one-directional from the source bucket "Bucket-1" to the destination bucket "Bucket-2".
Start by navigating to "Bucket-1". Then under Management, select Create replication rule.
Choose the rule name, and keep the Status as Enabled. An enabled rule starts working once this rule is saved.
Make sure to apply the rule to all the objects in the source bucket by selecting Apply to all objects in the bucket. Then choose the destination “Bucket-2” using Browse S3.
Versioning must be enabled for bucket replication. If it is not enabled beforehand, the AWS console shows a banner where you can click to enable it for both the source and destination buckets. Examples below:
Source Bucket
Destination Bucket
For IAM role, select Create new role from the dropdown list.
It is recommended to choose Create new role rather than an existing IAM role. Once the replication rule is saved, AWS S3 creates a new IAM role and generates a new policy that matches the configuration of the source and destination buckets.
You must enable Replicate objects encrypted with AWS KMS. This is required because encryption is enabled on the source bucket.
Since this is cross-region replication, you need to choose the AWS KMS key for decrypting source objects. Make sure to select the correct one, the one selected in the previous section. Then choose a key in the destination region to re-encrypt the objects.
In this guide, all the keys used are AWS KMS managed keys. You can always create or bring your own custom key.
Save the rule. With this, replication is configured.
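A check for the replication setup described above, as an added example that is not part of the original guide: it inspects the JSON returned by `aws s3api get-bucket-replication` and `aws s3api get-bucket-versioning` and lists any of the guide's requirements that are missing. The sample output, account ID, role, key and bucket names are constructed placeholders, and `check_crr` is a hypothetical helper name.

```python
import json

# Constructed sample of `aws s3api get-bucket-replication` output for the source
# bucket. Account ID, role, key ID and bucket ARN are placeholders (assumptions).
SAMPLE_REPLICATION = json.loads("""
{"ReplicationConfiguration": {
  "Role": "arn:aws:iam::111122223333:role/example-crr-role",
  "Rules": [{
    "ID": "example-crr-rule", "Priority": 0, "Filter": {}, "Status": "Enabled",
    "SourceSelectionCriteria": {"SseKmsEncryptedObjects": {"Status": "Enabled"}},
    "Destination": {
      "Bucket": "arn:aws:s3:::example-bucket-2",
      "EncryptionConfiguration": {
        "ReplicaKmsKeyID": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"}},
    "DeleteMarkerReplication": {"Status": "Disabled"}}]}}
""")


def check_crr(replication, src_versioning, dst_versioning, dest_bucket_arn):
    """Return a list of findings; an empty list means the setup matches the guide."""
    findings = []
    for side, ver in (("source", src_versioning), ("destination", dst_versioning)):
        if ver.get("Status") != "Enabled":
            findings.append(f"versioning is not enabled on the {side} bucket")
    rules = replication.get("ReplicationConfiguration", {}).get("Rules", [])
    if not rules:
        findings.append("no replication rule on the source bucket")
    for rule in rules:
        rid = rule.get("ID", "<no id>")
        if rule.get("Status") != "Enabled":
            findings.append(f"{rid}: rule is not enabled")
        # An empty Filter (or empty Prefix) means the rule applies to all objects.
        flt = rule.get("Filter", {})
        if rule.get("Prefix") or flt.get("Prefix") or flt.get("Tag") or flt.get("And"):
            findings.append(f"{rid}: rule is scoped and does not cover all objects")
        dest = rule.get("Destination", {})
        if dest.get("Bucket") != dest_bucket_arn:
            findings.append(f"{rid}: unexpected destination {dest.get('Bucket')}")
        kms = rule.get("SourceSelectionCriteria", {}).get("SseKmsEncryptedObjects", {})
        if kms.get("Status") != "Enabled":
            findings.append(f"{rid}: KMS-encrypted objects are not replicated")
        if not dest.get("EncryptionConfiguration", {}).get("ReplicaKmsKeyID"):
            findings.append(f"{rid}: no KMS key set for re-encryption at destination")
    return findings


if __name__ == "__main__":
    ok = {"Status": "Enabled"}
    print(check_crr(SAMPLE_REPLICATION, ok, ok, "arn:aws:s3:::example-bucket-2") or "OK")
```

To run it against a real setup, save the output of the two `aws s3api` calls to files and load them with `json.load` in place of the constructed sample.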
Configure Lifecycle Rule
CloudSnap uses one lifecycle rule, which is auto-created once the bucket is initialized by the array. Therefore, the following step applies to the destination bucket "Bucket-2" only. The source bucket will be connected to the array in the step after.
On your local machine or in AWS CloudShell, create a file named offload_lifecycle.json and paste the following rule into it.
{
    "Rules": [
        {
            "ID": "AbortIncompleteMultipartUpload",
            "Filter": {},
            "Status": "Enabled",
            "AbortIncompleteMultipartUpload": {
                "DaysAfterInitiation": 1
            }
        }
    ]
}
Then use the AWS CLI to create the lifecycle rule on the destination bucket. Make sure to replace the bucket name (cbs-offload-us-bucket-2 in the command below) with your own.
aws s3api put-bucket-lifecycle-configuration --bucket cbs-offload-us-bucket-2 --lifecycle-configuration file://offload_lifecycle.json
Verify in the AWS Console that the lifecycle rule is created.
Connect to Source S3 Bucket
How to Use the Destination Bucket
The following are the steps to perform in the DR region in order to recover the replicated snapshot to a new CBS:
1. Deploy Cloud Block Store in the region where the destination bucket is located. You can achieve this by following the deployment guide on AWS Console, AWS CLI, or using Terraform.
2. Connect destination "Bucket-2" to the newly deployed CBS. Check Connect to Cloudsnap S3 bucket from CBS array.
3. Restore the offloaded snapshots. Check Restoring a snapshot from the offload target.
4. Create volumes from the restored snapshots. Check Creating a Volume from the Restored Snapshot.