What is the relationship between AWS Config retention period and AWS S3 Lifecycle policy?


I found here: https://aws.amazon.com/blogs/mt/configuration-history-configuration-snapshot-files-aws-config/

"AWS Config delivers three types of configuration files to the S3 bucket: Configuration history (A configuration history is a collection of the configuration items for a given resource over any time period.), Configuration snapshot, OversizedChangeNotification"

However, in these docs: https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/delete-config-data-with-retention-period.html it only says that the retention period deletes the "ConfigurationItems" (A configuration item represents a point-in-time view of the various attributes of a supported AWS resource that exists in your account.)

In these docs: https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-history: "The components of a configuration item include metadata, attributes, relationships, current configuration, and related events. AWS Config creates a configuration item whenever it detects a change to a resource type that it is recording."

I wonder: Is ConfigurationItems a subset of Configuration history? Are the things that are saved to S3 equal to ConfigurationItems? If not, where are ConfigurationItems stored? And if things are stored in S3, are ConfigurationItems deleted, or do they become damaged?

I am setting the AWS S3 lifecycle to expire objects in 300 days and the AWS Config retention period to 7 years. Therefore, I am wondering what the relationship between those two is. Because the S3 lifecycle period is 300 days, will AWS Config data be deleted in 300 days?

Thank you so much!

asked 2 years ago, 698 views
1 Answer
Accepted Answer

I'll attempt to answer your questions:

  1. The FAQ section towards the end of the blog post you have listed has answers to your questions about S3 lifecycle vs. retention period: The configuration history and snapshot files delivered to an S3 bucket are for your auditing and analysis only, and the retention period does not apply to the files in the S3 bucket. The files in the AWS Config data store depend on the retention period setting in Config. So basically AWS Config has its own data store, which is regulated by the retention policy. Deleting something in S3 (via lifecycle policy) would not affect the view in AWS Config, but any auditing / analytics you do using S3 would be limited to 300 days of data.

  2. Your question about where ConfigItems are stored - Based on my understanding, the configuration history is periodically saved to S3. I presume configItems would be saved in the internal data store for use by the AWS Config service.

  3. Is ConfigurationItems a subset of Configuration history? - I would say logically yes. Each configuration item is a record of the change to the AWS resources, and Configuration history is a collection of Configuration Items which would tie these together to provide a view of the changes to a resource over a period of time: https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-history

  4. And if things stored in S3, is ConfigurationItems deleted or become damaged? - S3 is backed by high availability and durability, and hence data deletion / damage would be rare unless due to accidental human intervention. And in the very rare event that it happens, AWS Config won't be affected.

--Syd

Syd
answered 2 years ago
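
The following is an added example, not part of the original question or answer: it compares the AWS Config retention period with the S3 lifecycle expiry that applies to the delivered files, to show that the two are independent settings. It works on dictionaries shaped like the boto3 responses of `describe_retention_configurations`, `describe_delivery_channels` and `get_bucket_lifecycle_configuration`; the bucket name, account ID and rule IDs are constructed, and it assumes delivered files carry no object tags.

```python
# Added example. Inputs mirror boto3 response shapes; all sample values are constructed.

def config_key_prefix(channel, account_id):
    """Key prefix under which AWS Config delivers history and snapshot files."""
    base = channel.get("s3KeyPrefix", "").strip("/")
    tail = f"AWSLogs/{account_id}/Config/"
    return f"{base}/{tail}" if base else tail

def rule_prefix(rule):
    """Return the rule's prefix filter, or None if it only matches tagged objects."""
    flt = rule.get("Filter", {})
    if "Tag" in flt or flt.get("And", {}).get("Tags"):
        return None  # assumption: delivered Config files carry no object tags
    return flt.get("Prefix") or flt.get("And", {}).get("Prefix") or rule.get("Prefix", "")

def s3_expiry_days(lifecycle, key_prefix):
    """Shortest Expiration.Days among enabled rules covering the whole key_prefix."""
    days = []
    for rule in lifecycle.get("Rules", []):
        prefix = rule_prefix(rule)
        if rule.get("Status") != "Enabled" or prefix is None:
            continue
        if key_prefix.startswith(prefix) and "Days" in rule.get("Expiration", {}):
            days.append(rule["Expiration"]["Days"])
    return min(days) if days else None

def compare(retention, channel, lifecycle, account_id):
    """Report how long data lives in the Config data store vs. in the S3 bucket."""
    cfgs = retention.get("RetentionConfigurations", [])
    # With no retention configuration set, AWS Config keeps data for 2557 days (7 years).
    config_days = cfgs[0]["RetentionPeriodInDays"] if cfgs else 2557
    s3_days = s3_expiry_days(lifecycle, config_key_prefix(channel, account_id))
    return {"config_store_days": config_days, "s3_files_days": s3_days,
            "s3_shorter": s3_days is not None and s3_days < config_days}

# Constructed sample mirroring the question: 7 years in Config, 300 days in S3.
RETENTION = {"RetentionConfigurations": [{"Name": "default", "RetentionPeriodInDays": 2557}]}
CHANNEL = {"name": "default", "s3BucketName": "example-config-bucket"}
LIFECYCLE = {"Rules": [
    {"ID": "expire-all", "Status": "Enabled", "Filter": {"Prefix": ""},
     "Expiration": {"Days": 300}},
    {"ID": "other-logs", "Status": "Enabled", "Filter": {"Prefix": "elb/"},
     "Expiration": {"Days": 30}},
]}

if __name__ == "__main__":
    print(compare(RETENTION, CHANNEL, LIFECYCLE, "111122223333"))
```

A result with `s3_shorter` set to true means the delivered history and snapshot files expire from the bucket before the Config data store drops the same configuration items, so S3-based auditing covers a shorter window than the Config console and APIs.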
