What is the relationship between AWS Config retention period and AWS S3 Lifecycle policy?
" AWS Config delivers three types of configuration files to the S3 bucket: Configuration history (A configuration history is a collection of the configuration items for a given resource over any time period. ) Configuration snapshot OversizedChangeNotification"
However, in this docs: https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/delete-config-data-with-retention-period.html It only said that retention period delete the "ConfigurationItems" (A configuration item represents a point-in-time view of the various attributes of a supported AWS resource that exists in your account. )
In this docs: https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-history: "The components of a configuration item include metadata, attributes, relationships, current configuration, and related events. AWS Config creates a configuration item whenever it detects a change to a resource type that it is recording. "
I wonder that: Is ConfigurationItems a subset of Configuration history? Is the things that saved to S3 equal to ConfigurationItems? If not, where is ConfigurationItems stored? And if things stored in S3, is ConfigurationItems deleted or become damaged?
I am setting AWS S3 lifcycle is expire objects in 300 days and AWS Config retention period is 7 years. Therefore, I am wondering what is the relationship between those 2? Because S3 lifecycle period is 300 days, will AWS Config data is deleted in 300 days?
Thank you so much!
I'll attempt to answer your questions:
The FAQ section towards the end of the Blog post you have listed has answers to your questions about S3 lifecycle vs Retention period: The configuration history and snapshot files delivered to an S3 bucket are for your auditing and analysis only & the retention period does not apply to the files in the S3 bucket. The files in the AWS Config data store depend on the retention period setting in the Config. So basically AWS Config has it's own datastore which is regulated by retention policy. Deleting something in S3 (via lifecycle policy) would not affect the view in AWS config but any auditing / analytics you do using S3 would be limited to 300 days data
Your question about where ConfigItems is stored - Based on my understanding, the configuration history is periodically saved to S3. I presume configItems would be saved in internal the data store for use by AWS Config service
Is ConfigurationItems a subset of Configuration history? - I would say logically yes. Each configurationitem is a record of the change to the AWS resources and Configuration history is a collection of Configuration Items which would tie these together to provide a view of the changes to a resource over a period of time https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-history
And if things stored in S3, is ConfigurationItems deleted or become damaged? - S3 is backed by high availability and durability and hence data deletion / damage would be rare unless due to accidental human intervention. And in the very rare event that it happens, AWS config won't be affected.
Use S3 lifecycle policy to create a recycle binasked 2 months ago
AWS Config Resource Not Found Viewing Detailsasked 2 years ago
What is the relationship between AWS Config retention period and AWS S3 Lifecycle policy?Accepted Answerasked a month ago
The redshfit auto-snapshot retention period has expired. The snapshot does not delete and exists. why?asked 3 months ago
Is it possible to configure the AWS X-Ray retention period?asked 3 days ago
Redshift snapshots - incremental/full and retentionasked 5 years ago
Trust relationship between a role in global AWS and users/roles in China AWS regionasked 7 months ago
ECS Fargate Log Configuration - How to set the retention policy?Accepted Answerasked 5 months ago
Does changing a s3 lifecycle policy change all older objects in an s3 bucket?asked 2 months ago
AWS S3 Replication With Lifecycle Policy - Cross Accountasked 2 years ago