Configuring AWS's Amazon S3 for Storage and Cloudfront for CDN


The editing in draft mode is getting a bit wonky so I am publishing prematurely. Hopefully the wonkiness, love that word, will abate. For those up for reviewing and providing feedback, thanks in advance.

So you want to use AWS’s Amazon S3 for storage, Cloudfront for CDNs and ??? Hopefully this guide will be helpful when configuring them (needs improvement here). Please let us know if something needs an adjustment, an improvement, or does not make sense.

Getting Started
Naming Strategy

AWS Configuration

Discourse Configuration

FAQ
Resources
To-Do

Getting Started

You will need:

  1. A self-hosted Discourse instance with app.yml access. If you are hosted by one of these Commercial Discourse Hosting providers, they are probably managing your backups and CDNs.
  2. AWS account
  3. ???

Naming Strategy

There are many places to make mistakes. Using a naming convention strategy that makes sense to you and perhaps others will help you with troubleshooting, especially if you are configuring multiple Discourse instances.

  • IAM user: your-iam-user
  • Policy: s3-discourse-policy-your-iam-user
  • Backups bucket: yourdomain-subdomain-backups
  • Uploads bucket: yourdomain-subdomain-uploads
  • Distribution CDNs: cdn-yourdomain-subdomain and s3-yourdomain-subdomain-uploads

Optional: Configuration process bucket: a-origin-config-bucket

AWS Configuration

Use the default settings in the AWS configuration pages unless instructed to do otherwise.

S3 Names, names, names

  • Discourse instance domain: subdomain.yourdomain.tld (subdomain.yourdomain.tld including www.yourdomain.tld)
  • IAM user: yourdomain-subdomain (yourdomain-discourse, yourdomain-forum or Discourse in apex/root: yourdomain-tld-www )
  • Policy for IAM user: s3-discourse-policy-yourdomain-subdomain
  • Uploads bucket: yourdomain-subdomain-uploads Note: Don’t forget to set “Everyone (public access)” to “Read” in Bucket > Permissions > Access control list (ACL) > Grantee.
  • Backups bucket: yourdomain-subdomain-backups
  • Distribution CDNs: cdn-yourdomain-subdomain and s3-yourdomain-subdomain-uploads
  • Configuration process bucket: a-origin-config-bucket

You can see how this strategy works in a real world example:

IAM Users

  1. Go to IAM > Users > Select “Create user” https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/users/create
  2. IAM > Users > Create user > Specify user details > User details > User name > Enter name i.e. your-iam-user > Select “Next”
  3. IAM > Users > Create user > Set permissions > Permissions options > Select “Attach policies directly” > Select “Create policy” > Opens Create policy page (Alternatively the policy can be created first in Policies then selected when creating the user in “Permissions policies”.)
  4. IAM > Users > Create user > Set permissions > Permissions policies > Filter by Type dropdown selector > Select “Customer managed” > Select the newly created policy > Select “Next” > Select “Create user”
  5. IAM > Users > your-iam-user > Security credentials > Access keys > Select “Create access key”
  6. IAM > Users > your-iam-user > Create access key > Access key best practices & alternatives > Select “Other” > Select “Next”
  7. IAM > Users > your-iam-user > Create access key > Set description tag > Select “Create access key”
  8. IAM > Users > your-iam-user > Create access key > Retrieve access keys > Safely save Access key and Secret access key for use in Discourse app.yml > Select “Done”

Policies

  1. Modify s3-discourse-policy-your-iam-user.txt with your IAM user name and bucket names.
  2. Go to IAM > Policies > Create policy
  3. IAM > Policies > Create policy > Specify permissions > Policy editor > Select “JSON” in Policy editor > Copy policy from s3-discourse-policy-your-iam-user.txt and paste into JSON editor copying over existing JSON > Select “Next”
  4. IAM > Policies > Create policy > Review and create > Policy details > Policy name > Enter Policy name i.e. s3-discourse-policy-your-iam-user > Select “Next”
  5. Go to IAM Users, step 4 (IAM > Users > Create user), to continue the create user process

Amazon S3 Buckets

Create and configure the backups bucket, uploads bucket, and the optional but useful configuration process bucket.

Create the backups bucket yourdomain-subdomain-backups

  1. Go to Amazon S3 > Buckets > Select “Create bucket”
  2. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “General Purpose” selection
  3. Amazon S3 > Buckets > Create bucket > General configuration > Bucket name > Enter backups bucket name i.e. yourdomain-subdomain-backups
  4. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “ACLs disabled (recommended)” selection
  5. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Deselect “Block all public access” then Select “Block public access to buckets and objects granted through new public bucket or access point policies” and “Block public and cross-account access to buckets and objects through any public bucket or access point policies”
  6. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Turning off block all public access might result in this bucket and the objects within becoming public > Select “I acknowledge that the current settings might result in this bucket and the objects within becoming public.”
  7. Amazon S3 > Buckets > Create bucket > Bucket Versioning > Bucket Versioning > Select “Enable” Info: Bucket Versioning is required for “Lifecycle rules”
  8. Amazon S3 > Buckets > Create bucket > Select “Create bucket”

Lifecycle rules configuration

Backup Retention Rule

  1. Amazon S3 > Buckets > Select newly created bucket i.e. yourdomain-subdomain-backups
  2. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Select “Create lifecycle rule”
  3. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule name > Enter rule name i.e. backup retention
  4. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Select “Apply to all objects in the bucket”
  5. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Apply to all objects in the bucket > Select “I acknowledge that this rule will apply to all objects in the bucket.”
  6. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule actions > Select “Transition noncurrent versions of objects between storage classes”, “Expire current versions of objects”, and “Permanently delete noncurrent versions of objects”
  7. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule actions > Transitions are charged per request > Select “I acknowledge that this lifecycle rule will incur a transition cost per request.”
  8. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Transition noncurrent versions of objects between storage classes > Choose storage class transitions > Select “Glacier Instant Retrieval”
  9. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Transition noncurrent versions of objects between storage classes > Days after objects become noncurrent > Enter “1”
  10. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Expire current versions of objects > Days after object creation > Enter “7” or 15 or 30 or ??? See FAQ or discussion
  11. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Days after objects become noncurrent > Enter “91”
  12. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Confirm “Review transition and expiration actions” is correct > Select “Create rule”

Cleanup Rule

  1. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Select “Create lifecycle rule”
  2. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule name > Enter rule name cleanup
  3. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Select “Apply to all objects in the bucket”
  4. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Apply to all objects in the bucket > Select “I acknowledge that this rule will apply to all objects in the bucket.”
  5. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule actions > Select “Permanently delete noncurrent versions of objects” and “Delete expired object delete markers or incomplete multipart uploads”
  6. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Days after objects become noncurrent > Enter “92”
  7. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Delete expired object delete markers or incomplete multipart uploads > Expired object delete markers > Select “Delete expired object delete markers”
  8. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Delete expired object delete markers or incomplete multipart uploads > Incomplete multipart uploads > Select “Delete incomplete multipart uploads”
  9. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Delete expired object delete markers or incomplete multipart uploads > Incomplete multipart uploads > Delete incomplete multipart uploads > Number of days > Enter “3” or ???
  10. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Confirm “Review transition and expiration actions” is correct > Select “Create rule”

Create the uploads bucket yourdomain-subdomain-uploads

  1. Go to Amazon S3 > Buckets > Select “Create bucket”
  2. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “General Purpose” selection
  3. Amazon S3 > Buckets > Create bucket > General configuration > Bucket name > Enter uploads bucket name i.e. yourdomain-subdomain-uploads
  4. Amazon S3 > Buckets > Create bucket > General configuration > Select “ACLs enabled”
  5. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Deselect “Block all public access” then Select “Block public access to buckets and objects granted through new public bucket or access point policies” and “Block public and cross-account access to buckets and objects through any public bucket or access point policies”
  6. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Turning off block all public access might result in this bucket and the objects within becoming public > Select “I acknowledge that the current settings might result in this bucket and the objects within becoming public.”
  7. Amazon S3 > Buckets > Create bucket > Select “Create bucket”
  8. Amazon S3 > Buckets > Buckets screen > Select newly created bucket i.e. yourdomain-subdomain-uploads
    Return to do step 9 after creating Distribution #2
  9. Amazon S3 > Buckets > yourdomain-subdomain-uploads > Permissions > Bucket policy > Select Edit > Paste the JSON copied in Create distribution #2, step 11 (CloudFront > Distributions > Distribution ID > Edit origin > Origin access control) > Select “Save changes”
  10. Amazon S3 > Buckets > yourdomain-subdomain-uploads > Permissions > Access control list (ACL) > Select Edit > Everyone (public access) > Select “Read” > When you grant access to the Everyone or Authenticated users group grantees, anyone in the world can access the objects in this bucket. Select “I understand the effects of these changes on my objects and buckets.” > Select “Save changes”

Create a configuration process bucket a-origin-config-bucket

Create a bucket to be used during Distribution #1 configuration process. Name and configuration are unimportant since the bucket is only used temporarily as an initial origin which will be deleted during the configuration process.

  1. Go to Amazon S3 > Buckets > Select “Create bucket”
  2. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “General Purpose” selection
  3. Amazon S3 > Buckets > Create bucket > General configuration > Bucket name > Enter configuration process bucket name i.e. a-origin-config-bucket
  4. Toggle through the configuration pages and “Create bucket”

CloudFront Distributions

Create two AWS Cloudfront distributions: one to serve website assets and the second to serve uploads bucket assets.

Create distribution #1

  Distribution #1
    DISCOURSE_CDN_URL
      Distribution name: cdn-yourdomain-subdomain
      Origin: subdomain.yourdomain.tld
      Distribution domain name (Cloudfront URL): AWS-assigned.cloudfront.net
      Alternate domain names: discourse-cdn.yourdomain.tld
  1. Go to CloudFront > Distributions > Select “Create”
  2. CloudFront > Distributions > Create distribution > Choose a plan > Select “Pay as you go” > Select “Next”
  3. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution name > Enter distribution name i.e. cdn-yourdomain-subdomain
  4. CloudFront > Distributions > Create distribution > Get started > Distribution options > Description - optional > Enter “cdn-yourdomain-subdomain” (Optional but helps with visibility)
  5. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution type > Confirm “Single website or app” selection > Select “Next”
  6. CloudFront > Distributions > Create distribution > Specify origin > Origin type > Confirm “Amazon S3” selection
  7. CloudFront > Distributions > Create distribution > Specify origin > Origin > S3 origin > Select “Browse S3” > Select the configuration process bucket “a-origin-config-bucket” > Select “Choose” > Select “Next”
  8. CloudFront > Distributions > Create distribution > Enable security > make your choices - for this guide > Select “Do not enable security protections” > Select “Next”
  9. CloudFront > Distributions > Create distribution > Review and create > Confirm “Review and create” is correct > Select “Create distribution” → Newly created distribution information page should open in CloudFront > Distributions > Distribution ID
  10. CloudFront > Distributions > Distribution ID > Origins > Select “Create origin” Info: The distribution requires the Discourse instance domain as the origin!
  11. CloudFront > Distributions > Distribution ID > Create origin > Settings > Origin domain > Enter discourse instance domain i.e. subdomain.yourdomain.tld > Select “Create origin”
  12. CloudFront > Distributions > Distribution ID > Behaviors > Select the lone behavior “Default (*)” > Select “Edit”
  13. CloudFront > Distributions > Distribution ID > Behaviors > Edit behavior > Settings > Origin and origin groups > Select the Custom origin “subdomain.yourdomain.tld” > Select “Save changes”
  14. CloudFront > Distributions > Distribution ID > Origins > Select the original origin “a-origin-config-bucket.s3.us-east-1.amazonaws.com” > Select “Delete” Info: The deployment must be complete, see CloudFront > Distributions > Distribution ID > Details > Last modified
    If using a branded CDN URL → Step 15
  15. CloudFront > Distributions > Distribution ID > Alternate domain names > Select “Add domain”
  16. CloudFront > Distributions > Distribution ID > Alternate domain names > Add domain > Configure domains > Domains > Domains to serve > Enter the DISCOURSE_CDN_URL i.e. discourse-cdn.yourdomain.tld > Select “Next”

Incomplete: Alternate domain names: discourse-cdn.yourdomain.tld

Create distribution #2

  Distribution #2
    DISCOURSE_S3_CDN_URL
      Distribution name: s3-yourdomain-subdomain-uploads
      Origin: yourdomain-subdomain-uploads
      Distribution domain name (Cloudfront URL): AWS-assigned.cloudfront.net
      Alternate domain names: s3-cdn.yourdomain.tld
  1. CloudFront > Distributions > Create distribution
  2. CloudFront > Distributions > Create distribution > Choose a plan > Select “Pay as you go” > Select “Next”
  3. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution name > Enter distribution name i.e. s3-yourdomain-subdomain-uploads
  4. CloudFront > Distributions > Create distribution > Get started > Distribution options > Description - optional > Enter “s3-yourdomain-subdomain-uploads” (Optional but helps with visibility)
  5. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution type > Confirm “Single website or app” selection > Select “Next”
  6. CloudFront > Distributions > Create distribution > Specify origin > Origin type > Confirm “Amazon S3” selection
  7. CloudFront > Distributions > Create distribution > Specify origin > Origin > S3 origin > Select “Browse S3” > Select the uploads bucket “yourdomain-subdomain-uploads” > Select “Choose” > Select “Next”
  8. CloudFront > Distributions > Create distribution > Enable security > make your choices - for this guide > Select “Do not enable security protections” > Select “Next”
  9. CloudFront > Distributions > Create distribution > Review and create > Confirm “Review and create” is correct > Select “Create distribution” → Newly created distribution information page should open in CloudFront > Distributions > Distribution ID
  10. CloudFront > Distributions > Distribution ID > Origins > Select the origin > Select “Edit”
  11. CloudFront > Distributions > Distribution ID > Edit origin > Origin access control > ! You must allow access to CloudFront using this policy… > Select “Copy policy” > Go to Create the uploads bucket, step 9 (Amazon S3 > Buckets > yourdomain-subdomain-uploads > Permissions > Bucket policy)

Incomplete: Alternate domain names: s3-cdn.yourdomain.tld

Discourse Configuration

Current as of Discourse version: 2025.12.0-latest

Make these changes in Discourse Admin UI

Backups Settings /admin/backups/settings

  1. Maximum backups > Enter the number of backups to keep locally
  2. Backup with uploads > Select “Include uploads in scheduled backups. Disabling this will only backup the database.”

S3 Settings /admin/site_settings/category/all_results?filter=S3

  1. S3 use CDN URL for all uploads > Select “Use CDN URL for all the files uploaded to s3 instead of only for images.” (Discourse ships deselected)

Edit Config (app.yml) Unbranded URLs

Edit the app.yml making the changes below for branded URLs or unbranded Cloudfront URLs.

Discourse Unbranded URLs

Use this for unbranded Cloudfront distributions. Your DISCOURSE_S3_REGION might be different.
DISCOURSE_CDN_URL: https://amazonassigned.cloudfront.net

S3 storage config (unbranded)

## S3 storage config
DISCOURSE_USE_S3: true
DISCOURSE_S3_REGION:  us-east-1
DISCOURSE_S3_ACCESS_KEY_ID: key obfuscated
DISCOURSE_S3_SECRET_ACCESS_KEY: key obfuscated
DISCOURSE_S3_CDN_URL: https://amazonassigned.cloudfront.net
DISCOURSE_S3_BUCKET: your-bucket-name-uploads
DISCOURSE_S3_BACKUP_BUCKET: your-bucket-name-backups
DISCOURSE_BACKUP_LOCATION: s3

Discourse Branded URLs

DNS Configuration

If you prefer to use yourdomain.com based URLs for the CDNs you need to make some DNS changes and adjust your CDN URLs.

Tip: Don’t forget to add discourse-cdn.yourdomain.com and s3-cdn.yourdomain.com as a domain name in “Alternate domain names” for their respective Cloudfront distributions.

DNS config if you want to use domain branded Cloudfront distributions.

DISCOURSE_CDN_URL

Existing record:  A      discourseinstance.yourdomain.com         instance ip   Note: This is the existing Discourse install ip.
New record:       A      discourse-cdn-cloudfront.yourdomain.com  instance ip
New record:       CNAME  discourse-cdn.yourdomain.com             ->  amazonassigned.cloudfront.net

DISCOURSE_S3_CDN_URL

New record:       CNAME  s3-cdn-cloudfront.yourdomain.com  ->  amazonassigned.cloudfront.net
New record:       CNAME  s3-cdn.yourdomain.com             ->  s3-cdn-cloudfront.yourdomain.com

Edit Config (app.yml) Branded URLs

Once the DNS changes are complete you can edit your app.yml making the changes below.

Change DISCOURSE_CDN_URL and/or DISCOURSE_S3_CDN_URL if you are using domain CNAMEs for the Cloudfront distribution (amazonassigned.cloudfront.net).

DISCOURSE_CDN_URL: https://discourse-cdn.yourdomain.com

S3 storage config (branded)

## S3 storage config
DISCOURSE_USE_S3: true
DISCOURSE_S3_REGION:  us-east-1
DISCOURSE_S3_ACCESS_KEY_ID: key obfuscated
DISCOURSE_S3_SECRET_ACCESS_KEY: key obfuscated
DISCOURSE_S3_CDN_URL: https://s3-cdn.yourdomain.com
DISCOURSE_S3_BUCKET: your-bucket-name-uploads
DISCOURSE_S3_BACKUP_BUCKET: your-bucket-name-backups
DISCOURSE_BACKUP_LOCATION: s3

Additional Config Edits (app.yml)

Regardless of which approach you use, branded or Cloudfront URLs, you will need the after_assets_precompile section below to ensure things stay updated during subsequent rebuilds.

  hooks:
    after_code:
      - exec:
          cd: $home/plugins
          cmd:
            - git clone https://github.com/discourse/docker_manager.git
            # you may have more plugins
    after_assets_precompile:
      - exec:
          cd: $home
          cmd:
            - sudo -E -u discourse bundle exec rake s3:upload_assets
            - sudo -E -u discourse bundle exec rake s3:expire_missing_assets

Rebuild your instance with ./launcher rebuild app

After ./launcher rebuild app completes successfully, run these rake tasks.

./launcher enter app

rake posts:rebake
rake uploads:migrate_to_s3
rake posts:rebake_uncooked_posts

rake s3:upload_assets
rake s3:expire_missing_assets

If the rakes complete without errors then you are good to go.

On some sites the initial rebuild will fail with an error relating to s3:upload_assets. If this happens, check the “Read” setting on the uploads bucket. If it is correctly set, then comment out or remove the after_assets_precompile section:

    after_assets_precompile:
      - exec:
          cd: $home
          cmd:
            - sudo -E -u discourse bundle exec rake s3:upload_assets
            - sudo -E -u discourse bundle exec rake s3:expire_missing_assets

and run ./launcher rebuild app again. Then run “rake s3:upload_assets” and “rake s3:expire_missing_assets”.

If both of the rakes complete without errors then re-add or uncomment the after_assets_precompile section, rebuild again and run all the rakes listed above.

If either of the rakes gives an error or the rebuild fails again you have something wrong in your app.yml and/or AWS S3 configs and/or DNS records. Happy hunting! :slight_smile:

FAQ

Getting Started FAQ

AWS FAQ

IAM User FAQ

S3 Buckets FAQ

  1. Why can’t I see the non-current backups in the backups bucket /Default folder?
  2. It has been many days since backups started disappearing from Backups /Default folder, where did they go?

S3 Distributions FAQ

Discourse Configuration FAQ

  1. Do I have to use app.yml if I only want to use S3 for backups?
  2. Why is using app.yml for using S3 the recommended approach?

Resources

To-Do

  1. Initial feedback based post publish edits
  2. Confirm approach in Cleanup rule
  3. Is there a more efficient way to replace a-origin-config-bucket with subdomain.yourdomain.tld in Create distribution #1 ??? Can selecting “Other” instead of “Amazon S3” as the Origin type in CloudFront > Distributions > Create distribution > Specify origin > Origin type work? Currently testing this approach again but still “no joy”.
  4. Better title
  5. Distribution #1 Need instructions Alternate domain names: discourse-cdn.yourdomain.tld
  6. Distribution #2 Need instructions Alternate domain names: s3-cdn.yourdomain.tld
  7. Create/find list of Discourse hosts
  8. Add screenshots
  9. Wrap initial round of edits
  10. Build FAQ
  11. Publish Discourse version here and in resource docs
  12. Update AWS_S3_Config.txt, s3-discourse-policy-your-iam-user.txt, AWS_S3_Config_Process.txt, Guide_AWS_S3_Config-sandbox.websystems360.txt, s3-discourse-policy-websystems360-sandbox.txt
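
Added example (not part of the original guide or of Discourse): the settings produced by “Create the backups bucket” steps 4-6 and “Create the uploads bucket” steps 4-6 and 10, written as API-shaped state and checked for public exposure. It also covers the mix-up the Naming Strategy section warns about, where the uploads steps get applied to the backups bucket. The bucket states, the finding codes and the function name are constructed for illustration.

```python
# Added example, not code from the guide. The bucket states are constructed by
# hand in the shape of GetPublicAccessBlock, GetBucketOwnershipControls and
# GetBucketAcl responses; OWNER-ID-PLACEHOLDER is a placeholder.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"}
EVERYONE_READ = {"Grantee": {"Type": "Group", "URI": ALL_USERS},
                 "Permission": "READ"}

# Steps 5-6 of both bucket procedures: only the two policy checkboxes selected.
GUIDE_BPA = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
FULL_BPA = dict.fromkeys(BPA_FLAGS, True)   # "Block all public access" left on

GUIDE_BACKUPS = {"PublicAccessBlockConfiguration": GUIDE_BPA,
                 "ObjectOwnership": "BucketOwnerEnforced",   # "ACLs disabled"
                 "Grants": [OWNER]}
GUIDE_UPLOADS = {"PublicAccessBlockConfiguration": GUIDE_BPA,
                 "ObjectOwnership": "BucketOwnerPreferred",  # "ACLs enabled"
                 "Grants": [OWNER, EVERYONE_READ]}           # uploads step 10
# Constructed mistake: the uploads steps applied to the backups bucket.
MIXED_UP_BACKUPS = dict(GUIDE_UPLOADS)


def audit_bucket(role, state):
    """Return sorted finding codes for one bucket; role is 'backups' or 'uploads'."""
    bpa = state["PublicAccessBlockConfiguration"]
    acls_active = state["ObjectOwnership"] != "BucketOwnerEnforced"
    public_perms = {g["Permission"] for g in state["Grants"]
                    if g["Grantee"].get("URI") in (ALL_USERS, AUTH_USERS)}
    findings = set()

    # A public ACL grant only takes effect when ACLs are enabled on the bucket
    # and Block Public Access is not set to ignore public ACLs.
    if acls_active and not bpa["IgnorePublicAcls"]:
        if public_perms & {"READ", "FULL_CONTROL"}:
            findings.add("PUBLIC_LIST")    # bucket-level READ lists object keys
        if public_perms & {"WRITE", "WRITE_ACP", "FULL_CONTROL"}:
            findings.add("PUBLIC_WRITE")

    if role == "backups":
        # Backups hold the full database dump and are never served publicly,
        # so every public path on that bucket is reported.
        if acls_active:
            findings.add("BACKUPS_ACLS_ENABLED")
        if not all(bpa[flag] for flag in BPA_FLAGS):
            findings.add("BACKUPS_BPA_PARTIAL")
    return sorted(findings)


if __name__ == "__main__":
    for label, role, state in (
        ("backups as in the guide", "backups", GUIDE_BACKUPS),
        ("uploads as in the guide", "uploads", GUIDE_UPLOADS),
        ("uploads steps applied to backups", "backups", MIXED_UP_BACKUPS),
    ):
        print(f"{label}: {audit_bucket(role, state) or 'no findings'}")
```

PUBLIC_LIST on the uploads bucket is the direct result of step 10; any finding other than BACKUPS_BPA_PARTIAL on the backups bucket means a setting differs from the guide.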

OP reply, soliciting ideas, comments, edits to the information, process and ???


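AWS Support re: Confirm approach in Cleanup rule

I have reviewed your proposed lifecycle rule configuration and am pleased to confirm that your setup is well designed and follows AWS best practices for backup bucket management.

========== Lifecycle Rule Assessment ==========

Your configuration is excellent and addresses the key areas of backup cleanup:

  • Noncurrent version cleanup (92 days): This is a reasonable retention period that balances storage cost against recovery needs. A 92-day retention period gives ample time for backup verification while preventing indefinite accumulation of storage.

  • Removal of expired delete markers: Correctly configured to automatically clean up orphaned delete markers, which helps optimize storage cost and bucket performance.

  • Incomplete multipart upload cleanup (3 days): The 3-day setting is optimal: short enough to prevent storage being wasted by failed uploads, but long enough to accommodate legitimate, large backup operations.

  • Scope: “Apply to all objects in the bucket” is appropriate for a dedicated backups bucket in which all content follows the same lifecycle pattern.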

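AWS Support re: Backups bucket lifecycle configuration

Review of the S3 lifecycle configuration for the backups bucket

I have analyzed your complete lifecycle configuration setup and can confirm that your “backup retention” rule is well structured and follows AWS best practices for backup management.

The key findings of my investigation are as follows:

  • Your bucket has two complementary lifecycle rules that work together
  • The “backup retention” rule correctly handles current and noncurrent versions with an appropriate timeline
  • The configuration includes a cost-effective storage transition for noncurrent versions
  • All rule components are correctly configured, with appropriate timing parameters
  • The bucket is correctly set up in us-east-1 with appropriate permissions

Configuration assessment:

Your “backup retention” rule effectively manages the lifecycle of backup objects:

  • Transitions noncurrent versions to “Glacier Instant Retrieval” after 1 day (cost optimization)
  • Expires current versions after 7 days (suitable for regular backups)
  • Permanently deletes noncurrent versions after 91 days (a good retention period)

This rule complements your “cleanup” rule, which handles:

  • Deleting expired delete markers (prevents orphaned markers)
  • Cleaning up incomplete multipart uploads after 3 days (prevents wasted storage)
  • Deleting noncurrent versions after 92 days (ensures complete cleanup)

Both rules apply to all objects in the bucket, which is appropriate for dedicated backup storage in which all content follows the same lifecycle pattern.

The 7-day expiration for current versions appears appropriate for a regular backup scenario, but you can adjust it to your specific retention requirements (15 or 30 days if a longer retention period is needed).

Your implementation is complete and follows AWS best practices for S3 lifecycle management.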
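
Added example (not from the original posts or from AWS Support): the “backup retention” and “cleanup” rules written in the shape of the S3 lifecycle configuration API, with a small calculator showing on which dates one backup leaves the default bucket listing, moves to Glacier Instant Retrieval and is permanently deleted. The day counts are the ones given in the guide; the function names and the sample date are constructed.

```python
# Added example, not code from the guide. Dates are the earliest day an action
# becomes eligible; S3 runs lifecycle actions asynchronously after that.
from datetime import date, timedelta

LIFECYCLE = {"Rules": [
    {"ID": "backup retention", "Status": "Enabled", "Filter": {"Prefix": ""},
     "Expiration": {"Days": 7},
     "NoncurrentVersionTransitions": [
         {"NoncurrentDays": 1, "StorageClass": "GLACIER_IR"}],
     "NoncurrentVersionExpiration": {"NoncurrentDays": 91}},
    # ExpiredObjectDeleteMarker cannot share an Expiration element with Days,
    # which is why delete-marker cleanup sits in a second rule.
    {"ID": "cleanup", "Status": "Enabled", "Filter": {"Prefix": ""},
     "Expiration": {"ExpiredObjectDeleteMarker": True},
     "NoncurrentVersionExpiration": {"NoncurrentDays": 92},
     "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 3}},
]}


def effective_days(config, section, key):
    """Smallest day count for section/key across enabled rules, or None.

    When two rules overlap, S3 honours the shorter expiration.
    """
    values = [rule[section][key] for rule in config["Rules"]
              if rule["Status"] == "Enabled" and key in rule.get(section, {})]
    return min(values) if values else None


def backup_timeline(created, config=LIFECYCLE):
    """Return [(date, event)] for one backup uploaded on `created`."""
    expire = effective_days(config, "Expiration", "Days")
    purge = effective_days(config, "NoncurrentVersionExpiration", "NoncurrentDays")
    if expire is None or purge is None:
        raise ValueError("config keeps current or noncurrent versions forever")

    # On a versioned bucket, expiring the current version adds a delete marker.
    # The backup becomes a noncurrent version, visible in the console only
    # with "Show versions" switched on.
    hidden_on = created + timedelta(days=expire)
    events = [(hidden_on, "delete marker added; backup becomes noncurrent")]

    for rule in config["Rules"]:
        for step in rule.get("NoncurrentVersionTransitions", []):
            if step["NoncurrentDays"] < purge:
                when = hidden_on + timedelta(days=step["NoncurrentDays"])
                events.append(
                    (when, "noncurrent version moved to " + step["StorageClass"]))

    purged_on = hidden_on + timedelta(days=purge)
    events.append((purged_on, "noncurrent version permanently deleted"))
    if any(rule.get("Expiration", {}).get("ExpiredObjectDeleteMarker")
           for rule in config["Rules"]):
        events.append((purged_on, "delete marker expired; eligible for removal"))
    return sorted(events, key=lambda event: event[0])  # stable: ties keep order


if __name__ == "__main__":
    uploaded = date(2025, 12, 1)   # constructed sample upload date
    for when, what in backup_timeline(uploaded):
        print(f"{when}  (day {(when - uploaded).days:>2})  {what}")
```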