Describe the feature
Add support for S3 Tables Bucket replication by exposing the L1
AWS::S3Tables::TableBucket ReplicationConfiguration property through the
L2 TableBucket construct in @aws-cdk/aws-s3tables-alpha.
Related docs:
Use Case
We want to replicate S3 Tables across Regions / accounts for DR and
cross-account analytics. The L1 already accepts ReplicationConfiguration,
but the L2 TableBucket has no first-class API, so users have to drop down
to the CfnTableBucket escape hatch today.
Proposed Solution
Add two flat props to TableBucketProps (mirroring the pattern used by
aws-s3's replicationRole / replicationRules):
export interface TableBucketProps {
// ... existing props
/**
* Destination table buckets to replicate to.
*
* @default - No replication
*/
readonly replicationDestinations?: ITableBucket[];
/**
* The role to be used by the replication.
*
* When setting this property, you must also set `replicationDestinations`.
*
* @default - a new role will be created.
*/
readonly replicationRole?: iam.IRole;
}
// Usage
const dest = TableBucket.fromTableBucketArn(this, 'Dest', 'arn:...');
new TableBucket(this, 'Source', {
tableBucketName: 'src',
replicationDestinations: [dest],
});When replicationRole is omitted the construct creates a role with
least-privilege replication permissions and an s3tables.amazonaws.com trust
policy with aws:SourceAccount / aws:SourceArn confused-deputy conditions.
Notes:
- The CFN
ReplicationConfiguration wraps destinations in a rules: []
array, but a rule currently has no fields other than destinations, so
flattening to a single replicationDestinations: ITableBucket[] avoids a
speculative abstraction. If AWS later adds per-rule settings (filter,
priority, etc.), we can evolve the API — breaking changes are acceptable
in the alpha package.
- Escape hatch remains available via
node.defaultChild on the underlying
CfnTableBucket.
Other Information
- L1 types (
CfnTableBucket.ReplicationConfigurationProperty etc.) already
exist in aws-cdk-lib/aws-s3tables, so no L1 work is needed.
- Additive props, no breaking change.
Acknowledgements
AWS CDK Library version (aws-cdk-lib)
2.250.0
AWS CDK CLI version
2.1030.0
Environment details (OS name and version, etc.)
macOS 14.6 (Darwin 23.6.0)
Describe the feature
Add support for S3 Tables Bucket replication by exposing the L1
AWS::S3Tables::TableBucketReplicationConfigurationproperty through theL2
TableBucketconstruct in@aws-cdk/aws-s3tables-alpha.Related docs:
Use Case
We want to replicate S3 Tables across Regions / accounts for DR and
cross-account analytics. The L1 already accepts
ReplicationConfiguration,but the L2
TableBuckethas no first-class API, so users have to drop downto the
CfnTableBucketescape hatch today.Proposed Solution
Add two flat props to
TableBucketProps(mirroring the pattern used byaws-s3'sreplicationRole/replicationRules):When
replicationRoleis omitted the construct creates a role withleast-privilege replication permissions and an
s3tables.amazonaws.comtrustpolicy with
aws:SourceAccount/aws:SourceArnconfused-deputy conditions.Notes:
ReplicationConfigurationwraps destinations in arules: []array, but a rule currently has no fields other than
destinations, soflattening to a single
replicationDestinations: ITableBucket[]avoids aspeculative abstraction. If AWS later adds per-rule settings (filter,
priority, etc.), we can evolve the API — breaking changes are acceptable
in the alpha package.
node.defaultChildon the underlyingCfnTableBucket.Other Information
CfnTableBucket.ReplicationConfigurationPropertyetc.) alreadyexist in
aws-cdk-lib/aws-s3tables, so no L1 work is needed.Acknowledgements
AWS CDK Library version (aws-cdk-lib)
2.250.0
AWS CDK CLI version
2.1030.0
Environment details (OS name and version, etc.)
macOS 14.6 (Darwin 23.6.0)