turbot/aws_thrifty

Detect & correct S3 buckets without lifecycle policy

Overview

S3 buckets without a lifecycle policy will neither transition objects between storage classes nor expire them, so objects stay in their initial tier indefinitely. This is inefficient and can be costly.

This query trigger detects S3 buckets which do not have a lifecycle policy attached and then either sends a notification or attempts to perform a predefined corrective action.

Getting Started

By default, this trigger is disabled; it can be configured by setting the variables below:

  • s3_buckets_without_lifecycle_policy_trigger_enabled should be set to true, as the default is false.
  • s3_buckets_without_lifecycle_policy_trigger_schedule should be set to your desired running schedule.
  • s3_buckets_without_lifecycle_policy_default_action should be set to your desired action ("notify" to send notifications, or "apply_policy" to apply the policy).
  • s3_buckets_without_lifecycle_policy_default_policy should be set to your desired lifecycle policy if s3_buckets_without_lifecycle_policy_default_action is set to "apply_policy".

Then start the server:

flowpipe server

or, if you've set the variables in a .fpvars file:

flowpipe server --var-file=/path/to/your.fpvars

Query

select
  concat(name, ' [', account_id, ']') as title,
  name,
  region,
  _ctx ->> 'connection_name' as cred
from
  aws_s3_bucket
where
  lifecycle_rules is null;
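The same check run directly against the S3 API, as an added example that is not part of the aws_thrifty mod: it shows the case the query's `lifecycle_rules is null` condition corresponds to, namely S3 reporting a missing lifecycle configuration as an error rather than an empty rule list. The `FakeS3` client and the bucket names are constructed stand-ins; with a real client, pass `boto3.client("s3")` as `s3`.

```python
# Added example, not the mod's own code: the trigger's check done directly
# against the S3 API (pass boto3.client("s3") as `s3`). S3 signals "no
# lifecycle configuration" with a NoSuchLifecycleConfiguration error, not an
# empty rule list; that is the case the query's `lifecycle_rules is null` maps to.
from typing import Any

def bucket_lacks_lifecycle(s3: Any, bucket: str) -> bool:
    """True when the bucket has no lifecycle configuration.
    Only NoSuchLifecycleConfiguration means "no policy"; any other error
    (AccessDenied, etc.) is re-raised so it is not misreported as compliant."""
    try:
        cfg = s3.get_bucket_lifecycle_configuration(Bucket=bucket)
    except Exception as exc:  # botocore's ClientError exposes .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchLifecycleConfiguration":
            return True
        raise
    return not cfg.get("Rules")  # an empty rule list is treated as missing

def buckets_without_lifecycle(s3: Any) -> list:
    """Names of every bucket visible to the client with no lifecycle policy."""
    names = [b["Name"] for b in s3.list_buckets().get("Buckets", [])]
    return [n for n in names if bucket_lacks_lifecycle(s3, n)]

# Constructed stand-in for a boto3 client so the example runs offline.
class _NoSuchLifecycle(Exception):
    response = {"Error": {"Code": "NoSuchLifecycleConfiguration"}}

class FakeS3:
    def __init__(self, lifecycles: dict):
        self._lifecycles = lifecycles  # bucket name -> rules list, or None

    def list_buckets(self):
        return {"Buckets": [{"Name": n} for n in self._lifecycles]}

    def get_bucket_lifecycle_configuration(self, Bucket: str):
        rules = self._lifecycles.get(Bucket)
        if rules is None:
            raise _NoSuchLifecycle()
        return {"Rules": rules}

SAMPLE = FakeS3({  # constructed sample account
    "logs-archive": [{"ID": "expire-90d", "Status": "Enabled", "Expiration": {"Days": 90}}],
    "scratch-uploads": None,
    "legacy-backups": [],
})

if __name__ == "__main__":
    print(buckets_without_lifecycle(SAMPLE))  # ['scratch-uploads', 'legacy-backups']
```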

Schedule

15m