Hi
I’d like to replicate objects from one S3 bucket to multiple destination buckets. Using the web interface console, it’s possible to attach multiple Replication rules. With Terraform, only one configuration seems to get attached to a bucket.
In Terraform, I’ve got the following.
$ terraform version
Terraform v1.2.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.24.0
+ provider registry.terraform.io/hashicorp/random v3.3.2
resource "aws_s3_bucket_replication_configuration" "replication_source_to_destination" {
  provider = aws.source
  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.source, aws_s3_bucket_versioning.destination]
  role       = aws_iam_role.replication_source_to_destination.arn
  bucket     = aws_s3_bucket.source.bucket
  rule {
    id = "repl-s2d-${local.source_to_destination_uuidv5}"
    filter {}
    status   = "Enabled"
    priority = 100
    delete_marker_replication {
      status = "Enabled"
    }
    destination {
      account = data.aws_caller_identity.destination_primary.account_id # account id of the destination account.
      bucket  = aws_s3_bucket.destination.arn
      access_control_translation { # We want to make the destination bucket the owner
        owner = "Destination"
      }
      encryption_configuration {
        replica_kms_key_id = aws_kms_key.destination.arn
      }
      metrics {
        event_threshold {
          minutes = 15
        }
        status = "Enabled"
      }
      replication_time {
        status = "Enabled"
        time {
          minutes = 15
        }
      }
    }
    source_selection_criteria {
      replica_modifications {
        status = "Enabled"
      }
      sse_kms_encrypted_objects {
        status = "Enabled"
      }
    }
  }
}
resource "aws_s3_bucket_replication_configuration" "replication_source_primary_to_secondary" {
  provider = aws.source
  # Must have bucket versioning enabled first
  depends_on = [aws_s3_bucket_versioning.source, aws_s3_bucket_versioning.source_secondary]
  role       = aws_iam_role.replication_source_to_destination.arn
  bucket     = aws_s3_bucket.source.bucket
  rule {
    id = "repl-p2s-${local.source_primary_to_secondary_uuidv5}"
    filter {}
    status   = "Enabled"
    priority = 1000
    delete_marker_replication {
      status = "Enabled"
    }
    destination {
      account = data.aws_caller_identity.source_primary.account_id # account id of the destination account.
      bucket  = aws_s3_bucket.source_secondary.arn
      access_control_translation { # We want to make the destination bucket the owner
        owner = "Destination"
      }
      encryption_configuration {
        replica_kms_key_id = aws_kms_replica_key.source_replica.arn
      }
      metrics {
        event_threshold {
          minutes = 15
        }
        status = "Enabled"
      }
      replication_time {
        status = "Enabled"
        time {
          minutes = 15
        }
      }
    }
    source_selection_criteria {
      replica_modifications {
        status = "Enabled"
      }
      sse_kms_encrypted_objects {
        status = "Enabled"
      }
    }
  }
}
When I run terraform apply -auto-approve multiple times, it’ll have perpetual configuration changes in module.prod-to-backup.aws_s3_bucket_replication_configuration.replication_source_to_destination and module.prod-to-backup.aws_s3_bucket_replication_configuration.replication_source_primary_to_secondary. The web console shows that there’s only one (1) configuration attached.
Why is that?
I have read the Resource: aws_s3_bucket_replication_configuration documentation and am aware of the note:
S3 Buckets only support a single replication configuration. Declaring multiple aws_s3_bucket_replication_configuration resources to the same S3 Bucket will cause a perpetual difference in configuration.
I have configured rule → priority and it is unique for the two configurations (it’s set to 100 and 1000).
Thanks for your help
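
The documentation note quoted in the post applies per bucket, so both rules have to be declared inside one aws_s3_bucket_replication_configuration resource. An added example (not the poster's code or the provider documentation) that merges the two resources above into a single configuration using a dynamic rule block; the resource name "source" and the map keys "s2d"/"p2s" are assumptions, every other reference is taken from the post.

```hcl
resource "aws_s3_bucket_replication_configuration" "source" { # added example; the name "source" is an assumption
  provider   = aws.source
  depends_on = [aws_s3_bucket_versioning.source, aws_s3_bucket_versioning.destination, aws_s3_bucket_versioning.source_secondary]
  role       = aws_iam_role.replication_source_to_destination.arn # one role, so it needs access to both destinations and keys
  bucket     = aws_s3_bucket.source.bucket
  dynamic "rule" {
    for_each = { # one entry per destination; the keys are labels chosen for this example
      s2d = {
        id       = "repl-s2d-${local.source_to_destination_uuidv5}"
        priority = 100
        account  = data.aws_caller_identity.destination_primary.account_id
        bucket   = aws_s3_bucket.destination.arn
        kms_key  = aws_kms_key.destination.arn
      }
      p2s = {
        id       = "repl-p2s-${local.source_primary_to_secondary_uuidv5}"
        priority = 1000
        account  = data.aws_caller_identity.source_primary.account_id
        bucket   = aws_s3_bucket.source_secondary.arn
        kms_key  = aws_kms_replica_key.source_replica.arn
      }
    }
    content {
      id       = rule.value.id
      status   = "Enabled"
      priority = rule.value.priority # must stay unique across rules in the one configuration
      filter {}
      delete_marker_replication { status = "Enabled" }
      destination {
        account = rule.value.account
        bucket  = rule.value.bucket
        access_control_translation { owner = "Destination" }
        encryption_configuration { replica_kms_key_id = rule.value.kms_key }
        metrics {
          status = "Enabled"
          event_threshold { minutes = 15 }
        }
        replication_time {
          status = "Enabled"
          time { minutes = 15 }
        }
      }
      source_selection_criteria {
        replica_modifications { status = "Enabled" }
        sse_kms_encrypted_objects { status = "Enabled" }
      }
    }
  }
}
```

The two original resources have to be removed from the module when this one is added. Destroying either of them deletes the bucket's replication configuration, so confirm after the apply that both rules are attached and re-apply if they are not.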