Creating a Lifecycle Policy for an S3 Bucket – Parsing Logs and Events with AWS Native Tools – SCS-C02 Study Guide

Creating a Lifecycle Policy for an S3 Bucket

This exercise uses the AWS Management Console. To create a Lifecycle policy on a new S3 bucket, perform the following steps:

  1. Log in to the AWS Management Console and navigate to the S3 service page using the following URL: https://packt.link/CgmUd.
  2. Once on the S3 page, in the middle of the main screen, click the Create bucket button.
  3. On the Create bucket screen, under General configuration, choose a name for your S3 bucket. This example uses the name packt-security-chapter9; you will need to come up with a unique name for your own bucket. Keep all other settings at their defaults, scroll to the bottom of the page, and click the Create bucket button to create the new bucket.

Figure 9.2: Configuration for S3 bucket screen

  4. After creating the bucket, you should be back on the S3 main page. Find the new bucket in the list and click its name to open it. This is where you will create the Lifecycle policy for the bucket.
  5. Once on the bucket’s main page, click the Management tab.

This will bring up the Lifecycle rules section in the middle of the main screen. It should have a zero (0) right after Lifecycle rules, meaning no lifecycle rules are currently associated with this bucket.

Figure 9.3: Management screen for S3 bucket

  6. Click the Create lifecycle rule button in the Lifecycle rules section. This opens the page where you can create one or more lifecycle rules for the bucket.

You will create a rule that deletes objects in your bucket after one day. Using the same process, you could create multiple rules that take advantage of the storage tiers discussed in this chapter’s Different Storage Tiers of S3 section. However, to keep costs low in your testing account, the most straightforward lifecycle rule is one that deletes objects 24 hours after they are placed in the target bucket.

  7. Use the rule name security-cert-delete-24hours.
  8. Under Choose a rule scope, select This rule applies to all objects in the bucket.
  9. Select the checkbox that appears, stating I acknowledge this rule will apply to all objects in the bucket.

Figure 9.4: Rule configuration screen for S3

  10. Under Lifecycle rule actions, select the box labeled Expire current versions of objects.

Figure 9.5: Lifecycle rule actions for S3 bucket

  11. Scroll down to the Expire current versions of objects box and enter 1 in the textbox under the heading Days after object creation.

Figure 9.6: Lifecycle rule actions for S3 bucket

  12. Scroll to the bottom of the page and click the orange Create rule button to enable the lifecycle rule on your bucket.

You can test this lifecycle rule by uploading any object or file to the bucket and waiting a day; the next day, the object should have been deleted automatically. In the lifecycle diagram in Figure 9.1, this expiration step appears at the very end, after 365 days have passed since the object was first placed in the S3 folder.
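The same rule expressed as an S3 lifecycle configuration, plus a small audit of an existing configuration, as an added example that is not part of the study guide. The rule ID and the one-day limit are taken from the steps above; the bucket name in the comment is the example name used in this exercise.

```python
"""Build the lifecycle rule from the console steps and audit a bucket's configuration."""
import json

RULE_ID = "security-cert-delete-24hours"


def build_lifecycle_config(rule_id: str = RULE_ID, days: int = 1) -> dict:
    """Return the PutBucketLifecycleConfiguration payload equivalent to the console rule:
    an empty Filter means "applies to all objects in the bucket", and Expiration.Days
    expires current object versions `days` days after creation."""
    return {
        "Rules": [
            {
                "ID": rule_id,
                "Filter": {},
                "Status": "Enabled",
                "Expiration": {"Days": days},
            }
        ]
    }


def audit_lifecycle_config(config: dict, max_days: int = 1) -> list[str]:
    """Check a configuration in the shape returned by get-bucket-lifecycle-configuration
    and return findings; an empty list means an enabled, bucket-wide rule expires
    current versions within `max_days`, i.e. it matches what the exercise intends."""
    findings = []
    bucket_wide_ok = False
    for rule in config.get("Rules", []):
        rid = rule.get("ID", "<no id>")
        flt = rule.get("Filter") or {}
        if rule.get("Status") != "Enabled":
            findings.append(f"{rid}: rule is not Enabled, so it never runs")
        elif flt.get("Prefix") or flt.get("Tag") or flt.get("And") or rule.get("Prefix"):
            findings.append(f"{rid}: scoped by prefix/tag filter, does not cover all objects")
        elif rule.get("Expiration", {}).get("Days") is None:
            findings.append(f"{rid}: no Expiration.Days, current versions are never expired")
        elif rule["Expiration"]["Days"] > max_days:
            findings.append(f"{rid}: expires after {rule['Expiration']['Days']} days, "
                            f"expected at most {max_days}")
        else:
            bucket_wide_ok = True
    if not bucket_wide_ok:
        findings.append("no enabled bucket-wide rule expires current versions within the limit")
    return findings


if __name__ == "__main__":
    # Write the payload for the CLI equivalent of the console steps:
    #   aws s3api put-bucket-lifecycle-configuration --bucket packt-security-chapter9 \
    #       --lifecycle-configuration file://lifecycle.json
    print(json.dumps(build_lifecycle_config(), indent=2))
    print("findings:", audit_lifecycle_config(build_lifecycle_config()))
```

S3 evaluates lifecycle rules about once a day, so an object can outlive the Days value by up to a day before it disappears; the audit checks the configured policy, not whether a particular object has been removed yet.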

Next, you will see how the costs compare between storing logs in the S3 service versus storing logs in CloudWatch Logs.