Profile Applicability:
- Level 2
Description:
AWS offers multiple storage classes for S3, each optimized for specific access patterns and cost requirements. Proper configuration of storage classes ensures that data is stored in the most cost-effective tier based on frequency of access, retention, and compliance requirements. This helps manage storage costs while maintaining performance and durability.
Rationale:
Configuring appropriate storage classes ensures:
• Cost optimization for infrequently accessed or archival data
• Data lifecycle management and tiering policies are enforced
• Compliance and backup strategies align with business needs
• Automation of transitions and deletions via lifecycle policies
Default Value:
By default, S3 objects are stored in the Standard storage class unless specified otherwise.
Impact:
Pros:
• Reduces storage costs based on access frequency and data size
• Supports long-term retention using classes like Glacier or Deep Archive
• Enables automated transitions using lifecycle rules
Cons:
• Misconfigured policies may lead to unexpected retrieval costs
• Access latency may increase for archival classes
• Requires monitoring and review as data patterns evolve
Pre-requisites:
IAM Permissions Required:
s3:PutLifecycleConfiguration, s3:GetLifecycleConfiguration, s3:GetBucketLocation
s3:GetObject, s3:PutObject, s3:PutBucketPolicy (for bucket-specific changes)
Remediation:
Test Plan:
Using AWS Console:
- Log in to the AWS Management Console
- Navigate to S3 > Buckets
- Select a bucket and go to the Management tab
- Check for existing Lifecycle rules
- Review configured storage class transitions, such as:
  - Standard to Infrequent Access
  - Standard to Glacier
  - Standard to Deep Archive
- Confirm rules are active and match data access needs
Using AWS CLI:
aws s3api get-bucket-lifecycle-configuration \
--bucket <bucket-name>

aws s3api get-bucket-location \
--bucket <bucket-name>
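Added example (not part of the original benchmark text): a Python check over JSON shaped like the output of get-bucket-lifecycle-configuration, covering the console steps above by flagging rules that are not enabled, rules with no current-version action, and transitions into archival classes. The function name review_lifecycle and the sample configuration are constructed for illustration.

```python
import json

# Archival classes named on this page; they trade latency and retrieval cost for price.
ARCHIVAL = {"GLACIER", "DEEP_ARCHIVE"}

def review_lifecycle(config):
    """Return (rule_id, finding) pairs for a lifecycle configuration shaped
    like the output of `aws s3api get-bucket-lifecycle-configuration`."""
    rules = config.get("Rules", [])
    if not rules:
        return [("-", "no lifecycle rules configured")]
    findings = []
    for rule in rules:
        rid = rule.get("ID", "<no-id>")
        if rule.get("Status") != "Enabled":
            findings.append((rid, "rule is not Enabled, so it has no effect"))
        transitions = rule.get("Transitions", [])
        if not transitions and "Expiration" not in rule:
            findings.append((rid, "no Transitions or Expiration for current object versions"))
        for t in transitions:
            cls = t.get("StorageClass")
            if cls in ARCHIVAL:
                when = t.get("Days", t.get("Date"))  # a rule uses Days or a fixed Date
                findings.append((rid, f"moves objects to {cls} at {when}; "
                                      "confirm retrieval latency and cost are acceptable"))
    return findings

# Constructed sample input, not taken from a real bucket.
SAMPLE = json.loads("""
{"Rules": [
  {"ID": "TransitionToGlacier", "Filter": {"Prefix": ""}, "Status": "Enabled",
   "Transitions": [{"Days": 30, "StorageClass": "GLACIER"}]},
  {"ID": "logs-to-ia", "Filter": {"Prefix": "logs/"}, "Status": "Disabled",
   "Transitions": [{"Days": 30, "StorageClass": "STANDARD_IA"}]},
  {"ID": "tmp-cleanup", "Filter": {"Prefix": "tmp/"}, "Status": "Enabled",
   "Expiration": {"Days": 7}}
]}
""")

if __name__ == "__main__":
    for rule_id, finding in review_lifecycle(SAMPLE):
        print(f"{rule_id}: {finding}")
```

To review a real bucket, save the CLI output to a file and pass the parsed JSON to review_lifecycle in place of SAMPLE.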
Implementation Plan:
Using AWS Console:
- Go to S3 > Buckets
- Select the target bucket
- Click the Management tab and choose Create lifecycle rule
- Name the rule and choose prefix or tags to filter objects
- Set transition actions (e.g., move to INTELLIGENT_TIERING, GLACIER, or DEEP_ARCHIVE)
- Optionally, add expiration rules for object deletion
- Review and create the rule
Using AWS CLI:
Create a JSON lifecycle configuration file (lifecycle.json):
{
  "Rules": [
    {
      "ID": "TransitionToGlacier",
      "Prefix": "",
      "Status": "Enabled",
      "Transitions": [
        {
          "Days": 30,
          "StorageClass": "GLACIER"
        }
      ]
    }
  ]
}
Apply the lifecycle configuration:
aws s3api put-bucket-lifecycle-configuration \
--bucket <bucket-name> \
--lifecycle-configuration file://lifecycle.json
Backout Plan:
Using AWS Console:
- Go to the Management tab of the bucket
- Select the lifecycle rule and click Delete
- Save changes to remove the transition or expiration policy
Using AWS CLI:
aws s3api delete-bucket-lifecycle \
--bucket <bucket-name>