
๐Ÿ›ก๏ธ AWS S3 Bucket with Intelligent-Tiering is missing Archive configurations๐ŸŸข

  • Contextual name: ๐Ÿ›ก๏ธ Bucket with Intelligent-Tiering is missing Archive configurations๐ŸŸข
  • ID: /ce/ca/aws/s3/bucket-intelligent-tiering-configuration
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: COST

Logic

Description


This policy identifies AWS S3 Buckets that use the Intelligent-Tiering storage class but do not have archive configurations enabled to automatically transition objects to the lower-cost Archive Access or Deep Archive Access tiers.

The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective access tier based on usage patterns, without performance impact or operational overhead. By default, it transitions objects between three low-latency access tiers: Frequent Access, Infrequent Access, and Archive Instant Access. To maximize cost savings, you can additionally enable one or both of the asynchronous archive access tiers.

Rationale

Enabling the Archive Access and Deep Archive Access tiers allows S3 Intelligent-Tiering to automatically move objects that have not been accessed for 90 and 180 consecutive days, respectively (the thresholds are configurable up to 730 days). Leveraging these tiers provides significant cost savings for long-term data retention without requiring complex lifecycle configurations.


Remediation


From Command Line

The following command ensures that objects can automatically transition to Archive Access after 90 days or Deep Archive Access after 180 days:

aws s3api put-bucket-intelligent-tiering-configuration \
  --bucket {{bucket-name}} \
  --id {{config-id}} \
  --intelligent-tiering-configuration '{
    "Id": "{{config-id}}",
    "Status": "Enabled",
    "Filter": {},
    "Tierings": [
      {
        "Days": 90,
        "AccessTier": "ARCHIVE_ACCESS"
      },
      {
        "Days": 180,
        "AccessTier": "DEEP_ARCHIVE_ACCESS"
      }
    ]
  }'

This command enables both Archive Access and Deep Archive Access tiers. You may enable only one of them by omitting the undesired block from the Tierings array.
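To check a bucket before or after applying the command, the sketch below evaluates the JSON printed by `aws s3api list-bucket-intelligent-tiering-configurations`. It is an added example, not the policy's own logic from policy.yaml; the function names and sample responses are constructed for illustration, and it assumes the bucket is already known to use the Intelligent-Tiering storage class.

```python
import json

# Minimum Days accepted per archive tier; the maximum for both is 730.
MIN_DAYS = {"ARCHIVE_ACCESS": 90, "DEEP_ARCHIVE_ACCESS": 180}
MAX_DAYS = 730


def archive_tiers(list_response):
    """Return {access_tier: days} for archive tiers in Enabled configurations.

    `list_response` is the parsed output of
    `aws s3api list-bucket-intelligent-tiering-configurations --bucket ...`.
    If several configurations enable a tier, the lowest threshold is reported.
    """
    found = {}
    for cfg in list_response.get("IntelligentTieringConfigurationList", []):
        if cfg.get("Status") != "Enabled":
            continue  # a Disabled configuration does not count
        for tiering in cfg.get("Tierings", []):
            tier, days = tiering.get("AccessTier"), tiering.get("Days")
            if tier not in MIN_DAYS or not isinstance(days, int):
                continue
            # Defensive range check on the configured threshold.
            if MIN_DAYS[tier] <= days <= MAX_DAYS:
                found[tier] = min(days, found.get(tier, days))
    return found


def is_missing_archive_config(list_response):
    """True when no Enabled configuration turns on an archive tier."""
    return not archive_tiers(list_response)


# Constructed sample responses (not taken from a real account).
SAMPLES = {
    "no-config": json.loads('{"IntelligentTieringConfigurationList": []}'),
    "disabled": json.loads('{"IntelligentTieringConfigurationList": [{"Id": "a",'
                           ' "Status": "Disabled", "Tierings":'
                           ' [{"Days": 90, "AccessTier": "ARCHIVE_ACCESS"}]}]}'),
    "both": json.loads('{"IntelligentTieringConfigurationList": [{"Id": "b",'
                       ' "Status": "Enabled", "Tierings":'
                       ' [{"Days": 90, "AccessTier": "ARCHIVE_ACCESS"},'
                       ' {"Days": 180, "AccessTier": "DEEP_ARCHIVE_ACCESS"}]}]}'),
}

if __name__ == "__main__":
    for name, response in SAMPLES.items():
        print(name, is_missing_archive_config(response), archive_tiers(response))
```
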


Linked Framework Sections

Section   Sub Sections   Internal Rules   Policies   Flags   Compliance
💼 Cloudaware Framework → 💼 Resource Optimization   23   no data