Go back to the Amazon S3 console and click the name of the source bucket. Click the Management tab and then the Replication button.
Click the Add rule button to start creating a replication rule. Your source bucket will most likely not have versioning enabled. If that is the case, click the Enable versioning button when you see the below notification.
Leave the default setting for Set source on Entire bucket.
Check the box Replicate objects encrypted with AWS KMS and make sure that the key
aws/s3 is selected. If you are using Amazon Connect, also add
aws/connect. You might need to type
aws/connect into the search field and press Enter to add it to the list. Other potentially available keys that maybe automatically selected, can be unselected. Click the Next button.
On the next screen, enter the name of your target bucket in the Destination bucket field. You will be notified once more for the target bucket that object versioning must be enabled, so click the Enable versioning button.
Next select the encryption key for server side encryption of objects in the target bucket. In the drop down box AWS KMS key for destination objects select
aws/s3. Click the Next button.
On the next screen, we need to give our replication rule a name. Additionally, it needs to have the credentials to read the S3 objects from the source bucket and to write them to the destination bucket. For that it will have to assume an IAM role with the respective policy that allows that.
In the drop down list IAM role select
Create new role. With that, we can have a new role for this automatically created with the necessary credentials.
In the field Rule name enter a name for your replication rule that makes sense to you.
Review the settings you have just made and click the Save button.
Congratulations, you have successfully set up a cross-region replication rule.