Deep-archive an aws S3 bucket with versioning enabled once

It's not a surprise if you want to deep-achieve a S3 bucket, or some objects in it to decrease storage cost. But if versioning has once been enabled on the bucket, how to do the deep archiving needs more consideration. 

Problem Statement

If you have a S3 bucket, which versioning has never been enabled, then to move objects into Glacier Deep Archive can be achieved by iterating over every object, and making a copy of an object using the PUT Object - Copy API. You copy an object in the same bucket using the same key name and specify request headers, e.g. here you set the x-amz-storage-class to the storage class, 'DEEP_ARCHIVE',  that you want to use [1]. Then the final effect is just like that the storage class of an object is being changed. 

But if a bucket has once been versioning enabled, the above method is not straight forward.

- If versioning is still enabled, even you can copy an object with a specific version ID, Amazon S3 gives it a new version ID. Then you need to delete the old version ID, otherwise you will double the cost instead of decreasing cost. The whole procedure turns verbose.

- If versioning is suspended,  when an object with a specific version ID is copied, the version ID that Amazon S3 generates is always null. So if an object has multiple versions before deep archiving, this method will overwrite previously copied versions. 

So we'd better look for a simpler and more reliable way to do the deep archiving.

Solution

S3 lifecycle rule can help on it. There are two rule actions as marked in red below, which can move current versions, and non-current versions respectively to a specified storage class. 


So you can create a rule to use those two actions, and set the waiting days before the transition to 1 day, which is shortest days you can set. As shown below,  you can also filter objects by prefix, object tags, object size, or whatever combination suits your use case.

Note there might be a delay between when the lifecycle rule is satisfied and when the action for the rule is complete. Additionally, Amazon S3 rounds the transition or expiration date of an object to midnight UTC the next day.[2] 

Further Reading

S3 lifecycle rule evaluates the days elapsed after object creation, or after objects become non-current. There is no out-of-box rule to take actions based on object access time instead of creating time. A rule based on object access time makes more sense in some cases, in order for less accessed objects to be deep-archived earlier. If this is your use case, you may have the interest to read this blog, Expiring Amazon S3 Objects Based on Last Accessed Date to Decrease Costs  

References

1. Using Amazon S3 storage classes

2. s3 lifecycle rule delay

Comments

Post a Comment

Popular posts from this blog

Good practices of using Python logging

Problem Statement During the maintenance work of a legacy Python project, it's noticed some issues of logging code events. Outputs not in sequence The legacy code in some places still uses print() function, and traceback.print_exc() like below, try : #my logic goes here print ( "my output" ) except Exception : traceback . print_exc() By default in Python those functions are buffered. print() will send outputs to stdout, and traceback_print_exc() will send output to stderr. If those buffers are not flushed timely or disabled, the output may not in sequence which causes the outputs out of order.  Logging configuration not centralized and externalized It's noticed the logging configuration is added in every file using the Python logging. It means the logging configuration is not centralized and externalized for easy usage. Also when a message is logged, the 'logging' object is used directly instead of using a 'logger' object. The '
Read more

Auto-installing NVIDIA device plug-in on GPU nodes only

Problem Statement On a Kubernetes cluster before the GPUs in the nodes can be used, you need to deploy a DaemonSet for the NVIDIA device plugin. This DaemonSet runs a pod on each node to provide the required drivers for the GPUs. E.g. on Azure AKS cluster, here is the Azure official document regarding how to install NVIDIA device plug-in .  The YMAL manifest is in the nvidia-device-plugin-ds.yaml file. Once this file is applied, it does automatically run a pod to provide the required driver once a GPU node is added, no matter it's manually scaled or auto-scaled. But it may also run the pod on a node which has no GPUs at all, since that yaml manifest doesn't constraint the pods to run only on GPU nodes. This is a waste of resources on non-GPU nodes. Solution This is where " nodeSelector " and " affinity " can help. "nodeSelector" provides a very simple way to constrain pods to nodes with particular labels. The "affinity/anti-affinity" feat
Read more