awslabs / landing-zone-accelerator-on-aws

Deploy a multi-account cloud foundation to support highly-regulated workloads and complex compliance requirements.
https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/
Apache License 2.0

Better control over S3 logging bucket #316

Open brianwthomas opened 1 year ago

brianwthomas commented 1 year ago

Is your feature request related to a problem? Please describe.

Our feature here is related to our company looking at ways to optimize costs.
Looking at the S3 bucket configuration for the aws-accelerator-s3-access-logs-{accountId}-{region}, it looks like versioning is enabled by default and that the Lifecycle policy doesn't have any way to manage the item size to transition into glacier storage class.

Describe the feature you'd like

  1. Disable versioning on aws-accelerator-s3-access-logs-{accountId}-{region} buckets
  2. Set up a byte limit for S3 lifecycle to allow the transitions into different storage classes at specific byte thresholds, which you can do for normal S3 lifecycle policies.

Additional context

Image showing transitions for small size files

snemir2 commented 5 months ago

Additionally, would it be possible to provide different lifecycles for access log buckets based on OU? For example, 30 days for dev accounts, 5 yrs for prod.