Configuring AWS Amazon S3 for storage and CloudFront for CDNs


The editing in draft mode is getting a bit wonky so I am publishing prematurely. Hopefully the wonkiness, love that word, will abate. For those up for reviewing and providing feedback, thanks in advance.

So you want to use AWS’s Amazon S3 for storage, Cloudfront for CDNs and ??? Hopefully this guide will be helpful when configuring them (this introduction still needs improvement). Please let us know if something needs an adjustment or an improvement, or does not make sense.

Getting Started
Naming Strategy
AWS Configuration
Discourse Configuration
FAQ
Resources
To-Do

Getting Started

You will need:

  1. A self hosted Discourse instance with app.yml access
  2. AWS account
  3. ???

Naming Strategy

There are many places to make mistakes. Using a naming convention strategy that makes sense to you and perhaps others will help you with troubleshooting especially if you are configuring multiple Discourse instances.

  • IAM user: your-iam-user
  • Policy: s3-discourse-policy-your-iam-user
  • Backups bucket: yourdomain-subdomain-backups
  • Uploads bucket: yourdomain-subdomain-uploads
  • Distribution CDNs: cdn-yourdomain-subdomain and s3-yourdomain-subdomain-uploads

Optional: Configuration process bucket: a-origin-config-bucket

AWS Configuration

Use the default settings in the AWS configuration pages unless instructed to do otherwise.

S3 Names, names, names

  • Discourse instance domain: subdomain.yourdomain.tld (www.yourdomain.tld counts as a subdomain here)
  • IAM user: yourdomain-subdomain (yourdomain-discourse, yourdomain-forum or Discourse in apex/root: yourdomain-tld-www )
  • Policy for IAM user: s3-discourse-policy-yourdomain-subdomain
  • Uploads bucket: yourdomain-subdomain-uploads. Note: Don’t forget to set “Everyone (public access)” to “Read” in Bucket > Permissions > Access control list (ACL) > Grantee.
  • Backups bucket: yourdomain-subdomain-backups
  • Distribution CDNs: cdn-yourdomain-subdomain and s3-yourdomain-subdomain-uploads
  • Configuration process bucket: a-origin-config-bucket

You can see how this strategy works in a real world example:

IAM Users

  1. Go to IAM > Users > Select “Create user” https://us-east-1.console.aws.amazon.com/iam/home?region=us-east-1#/users/create
  2. IAM > Users > Create user > Specify user details > User details > User name > Enter name i.e. your-iam-user > Select “Next”
  3. IAM > Users > Create user > Set permissions > Permissions options > Select “Attach policies directly” > Select “Create policy” > Opens Create policy page (Alternatively the policy can be created first in Policies then selected when creating the user in “Permissions policies”.)
  4. IAM > Users > Create user > Set permissions > Permissions policies > Filter by Type dropdown selector > Select “Customer managed” > Select the newly created policy > Select “Next” > Select “Create user”
  5. IAM > Users > your-iam-user > Security credentials > Access keys > Select “Create access key”
  6. IAM > Users > your-iam-user > Create access key > Access key best practices & alternatives > Select “Other” > Select “Next”
  7. IAM > Users > your-iam-user > Create access key > Set description tag > Select “Create access key”
  8. IAM > Users > your-iam-user > Create access key > Retrieve access keys > Safely save Access key and Secret access key for use in Discourse app.yml > Select “Done”

Policies

  1. Modify s3-discourse-policy-your-iam-user.txt with your IAM user name and bucket names.
  2. Go to IAM > Policies > Create policy
  3. IAM > Policies > Create policy > Specify permissions > Policy editor > Select “JSON” in Policy editor > Copy policy from s3-discourse-policy-your-iam-user.txt and paste into JSON editor copying over existing JSON > Select “Next”
  4. IAM > Policies > Create policy > Review and create > Policy details > Policy name > Enter Policy name i.e. s3-discourse-policy-your-iam-user > Select “Next”
  5. Return to IAM Users step 4 (IAM > Users > Create user > Set permissions) to continue creating the user.
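The policy you paste in step 3 should grant the IAM user access to the two Discourse buckets and nothing else. The check below is an added example, not the guide’s s3-discourse-policy-your-iam-user.txt: it parses a policy document in the normal IAM JSON shape and flags Allow statements that use wildcard actions or reach resources outside the named buckets. The sample policy at the end is constructed with the guide’s placeholder bucket names, and its action list is illustrative only.

```python
"""Scope check for the customer-managed policy attached to the Discourse IAM
user. Added example; the sample policy is constructed, not the guide's file."""

ALLOWED_BUCKETS = {"yourdomain-subdomain-uploads", "yourdomain-subdomain-backups"}


def _as_list(value):
    # IAM allows Action / Resource / Statement as a string or a list.
    return value if isinstance(value, list) else [value]


def bucket_of(resource_arn):
    """Bucket name from arn:aws:s3:::bucket or arn:aws:s3:::bucket/key;
    None for anything that is not an S3 ARN (including the bare '*')."""
    prefix = "arn:aws:s3:::"
    if not resource_arn.startswith(prefix):
        return None
    return resource_arn[len(prefix):].split("/", 1)[0]


def policy_findings(policy, allowed_buckets=ALLOWED_BUCKETS):
    """Return findings for Allow statements that use wildcard actions, grant by
    exclusion (NotAction/NotResource) or reach outside allowed_buckets.
    An empty list means the policy stays scoped to the Discourse buckets."""
    findings = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        actions = _as_list(st.get("Action", []))
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        for r in _as_list(st.get("Resource", [])):
            b = bucket_of(r)
            if b is None or "*" in b or b not in allowed_buckets:
                findings.append(f"statement {i}: resource {r} is outside the Discourse buckets")
    return findings


# Constructed sample scoped to the guide's placeholder buckets. The actions are
# illustrative; use the action list from the guide's policy file in practice.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{b}" for b in sorted(ALLOWED_BUCKETS)],
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": [f"arn:aws:s3:::{b}/*" for b in sorted(ALLOWED_BUCKETS)],
        },
    ],
}

if __name__ == "__main__":
    print(policy_findings(SAMPLE_POLICY) or "policy is scoped to the Discourse buckets")
```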

Amazon S3 Buckets

Create and configure the backups bucket, uploads bucket, and the optional but useful configuration process bucket.

Create the backups bucket yourdomain-subdomain-backups

  1. Go to Amazon S3 > Buckets > Select “Create bucket”
  2. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “General Purpose” selection
  3. Amazon S3 > Buckets > Create bucket > General configuration > Bucket name > Enter backups bucket name i.e. yourdomain-subdomain-backups
  4. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “ACLs disabled (recommended)” selection
  5. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Deselect “Block all public access” then Select “Block public access to buckets and objects granted through new public bucket or access point policies” and “Block public and cross-account access to buckets and objects through any public bucket or access point policies”
  6. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Turning off block all public access might result in this bucket and the objects within becoming public > Select “I acknowledge that the current settings might result in this bucket and the objects within becoming public.”
  7. Amazon S3 > Buckets > Create bucket > Bucket Versioning > Bucket Versioning > Select “Enable” (Info: Bucket Versioning is required for the Lifecycle rules below)
  8. Amazon S3 > Buckets > Create bucket > Select “Create bucket”

Lifecycle rules configuration

Backup Retention Rule

  1. Amazon S3 > Buckets > Select newly created bucket i.e. yourdomain-subdomain-backups
  2. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Select “Create lifecycle rule”
  3. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule name > Enter rule name i.e. backup retention
  4. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Select “Apply to all objects in the bucket”
  5. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Apply to all objects in the bucket > Select “I acknowledge that this rule will apply to all objects in the bucket.”
  6. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule actions > Select “Transition noncurrent versions of objects between storage classes”, “Expire current versions of objects”, and “Permanently delete noncurrent versions of objects”
  7. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule actions > Transitions are charged per request > Select “I acknowledge that this lifecycle rule will incur a transition cost per request.”
  8. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Transition noncurrent versions of objects between storage classes > Choose storage class transitions > Select “Glacier Instant Retrieval”
  9. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Transition noncurrent versions of objects between storage classes > Days after objects become noncurrent > Enter “1”
  10. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Expire current versions of objects > Days after object creation > Enter “7” or 15 or 30 or ??? See FAQ or discussion
  11. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Days after objects become noncurrent > Enter “91”
  12. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Confirm “Review transition and expiration actions” is correct > Select “Create rule”

Cleanup Rule

  1. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Select “Create lifecycle rule”
  2. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule name > Enter rule name cleanup
  3. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Select “Apply to all objects in the bucket”
  4. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Choose a rule scope > Apply to all objects in the bucket > Select “I acknowledge that this rule will apply to all objects in the bucket.”
  5. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Lifecycle rule actions > Select “Permanently delete noncurrent versions of objects” and “Delete expired object delete markers or incomplete multipart uploads”
  6. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Days after objects become noncurrent > Enter “92”
  7. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Delete expired object delete markers or incomplete multipart uploads > Expired object delete markers > Select “Delete expired object delete markers”
  8. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Delete expired object delete markers or incomplete multipart uploads > Incomplete multipart uploads > Select “Delete incomplete multipart uploads”
  9. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Permanently delete noncurrent versions of objects > Delete expired object delete markers or incomplete multipart uploads > Incomplete multipart uploads > Delete incomplete multipart uploads > Number of days > Enter “3” or ???
  10. Amazon S3 > Buckets > yourdomain-subdomain-backups > Management > Lifecycle configuration > Confirm “Review transition and expiration actions” is correct > Select “Create rule”
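The two rules above, written out as the lifecycle configuration document that boto3’s put_bucket_lifecycle_configuration (or aws s3api put-bucket-lifecycle-configuration) accepts, with a consistency check and a timeline function that shows what happens to one backup file: it is hidden behind a delete marker on day 7, moved to Glacier Instant Retrieval on day 8 and permanently deleted on day 98, which is the answer to the S3 Buckets FAQ questions about disappearing backups. This is an added example, not part of the guide; the bucket name is the guide’s placeholder.

```python
"""The guide's two lifecycle rules in boto3/aws-cli shape, plus two checks.
Added example; nothing here calls AWS."""

BACKUPS_BUCKET = "yourdomain-subdomain-backups"  # guide placeholder

LIFECYCLE_CONFIGURATION = {
    "Rules": [
        {
            "ID": "backup retention",
            "Status": "Enabled",
            "Filter": {"Prefix": ""},   # "Apply to all objects in the bucket"
            "Expiration": {"Days": 7},  # current versions; 7, 15 or 30 per the FAQ
            "NoncurrentVersionTransitions": [
                {"NoncurrentDays": 1, "StorageClass": "GLACIER_IR"}
            ],
            "NoncurrentVersionExpiration": {"NoncurrentDays": 91},
        },
        {
            "ID": "cleanup",
            "Status": "Enabled",
            "Filter": {"Prefix": ""},
            # ExpiredObjectDeleteMarker cannot share an Expiration element with
            # Days, which is why the console needs this second rule.
            "Expiration": {"ExpiredObjectDeleteMarker": True},
            "NoncurrentVersionExpiration": {"NoncurrentDays": 92},
            "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 3},
        },
    ]
}


def validate(config):
    """Return a list of problems with the rule set; empty means consistent."""
    problems = []
    for rule in config["Rules"]:
        rid, exp = rule["ID"], rule.get("Expiration", {})
        if "Days" in exp and exp.get("ExpiredObjectDeleteMarker"):
            problems.append(f"{rid}: Days and ExpiredObjectDeleteMarker cannot be combined")
        delete_at = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
        for t in rule.get("NoncurrentVersionTransitions", []):
            if delete_at is not None and t["NoncurrentDays"] >= delete_at:
                problems.append(f"{rid}: transition at day {t['NoncurrentDays']} "
                                f"never happens before deletion at day {delete_at}")
    return problems


def backup_timeline(config, uploaded_day=0):
    """Days, relative to upload, at which one backup object changes state.
    In a versioned bucket "expire current versions" adds a delete marker and
    the object becomes noncurrent; the noncurrent clocks start on that day.
    When several rules expire the same version the earliest date wins, so the
    cleanup rule's 92 days is only a backstop behind the retention rule's 91."""
    current_days, transition_days, noncurrent_days = None, None, None
    for rule in config["Rules"]:
        days = rule.get("Expiration", {}).get("Days")
        if days is not None:
            current_days = days if current_days is None else min(current_days, days)
        for t in rule.get("NoncurrentVersionTransitions", []):
            transition_days = t["NoncurrentDays"]  # single transition in this guide
        nve = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
        if nve is not None:
            noncurrent_days = nve if noncurrent_days is None else min(noncurrent_days, nve)
    noncurrent_from = uploaded_day + current_days
    return {
        "hidden_behind_delete_marker": noncurrent_from,
        "moved_to_glacier_ir": noncurrent_from + transition_days,
        "permanently_deleted": noncurrent_from + noncurrent_days,
    }


if __name__ == "__main__":
    assert not validate(LIFECYCLE_CONFIGURATION)
    print(backup_timeline(LIFECYCLE_CONFIGURATION))
    # To apply: boto3.client("s3").put_bucket_lifecycle_configuration(
    #     Bucket=BACKUPS_BUCKET, LifecycleConfiguration=LIFECYCLE_CONFIGURATION)
```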

Create the uploads bucket yourdomain-subdomain-uploads

  1. Go to Amazon S3 > Buckets > Select “Create bucket”
  2. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “General Purpose” selection
  3. Amazon S3 > Buckets > Create bucket > General configuration > Bucket name > Enter uploads bucket name i.e. yourdomain-subdomain-uploads
  4. Amazon S3 > Buckets > Create bucket > General configuration > Select “ACLs enabled”
  5. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Deselect “Block all public access” then Select “Block public access to buckets and objects granted through new public bucket or access point policies” and “Block public and cross-account access to buckets and objects through any public bucket or access point policies”
  6. Amazon S3 > Buckets > Create bucket > Block Public Access settings for this bucket > Turning off block all public access might result in this bucket and the objects within becoming public > Select “I acknowledge that the current settings might result in this bucket and the objects within becoming public.”
  7. Amazon S3 > Buckets > Create bucket > Select “Create bucket”
  8. Amazon S3 > Buckets > Buckets screen > Select newly created bucket i.e. yourdomain-subdomain-uploads
    Return to step 9 after creating Distribution #2.
  9. Amazon S3 > Buckets > yourdomain-subdomain-uploads > Permissions > Bucket policy > Select “Edit” > Paste the JSON copied in Create distribution #2 step 11 (CloudFront > Distributions > Distribution ID > Edit origin > Origin access control) > Select “Save changes”
  10. Amazon S3 > Buckets > yourdomain-subdomain-uploads > Permissions > Access control list (ACL) > Select Edit > Everyone (public access) > Select “Read” > When you grant access to the Everyone or Authenticated users group grantees, anyone in the world can access the objects in this bucket. Select “I understand the effects of these changes on my objects and buckets.” > Select “Save changes”
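The uploads bucket is the one bucket in this setup that is meant to be publicly readable (through its ACL, with ACLs enabled), while the backups bucket must stay private with ACLs disabled; both keep the two policy-based public-access blocks on. The check below is an added example, not part of the guide: it takes the dict shapes that boto3’s get_public_access_block, get_bucket_ownership_controls and get_bucket_acl return (constructed inline here, so nothing talks to AWS) and reports where a bucket deviates from the settings the guide configures for its role.

```python
"""Offline audit of the uploads and backups bucket settings from the guide.
Added example; the sample state at the bottom is constructed."""

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_permissions(grants):
    """Set of ACL permissions granted to Everyone / Authenticated users."""
    return {g["Permission"] for g in grants
            if g["Grantee"].get("URI") in PUBLIC_GROUPS}


def audit_bucket(role, public_access_block, object_ownership, grants):
    """role is "uploads" or "backups". Returns findings; an empty list means
    the bucket matches the guide's intended settings for that role."""
    findings = []
    pab = public_access_block
    # Both buckets keep the policy-based blocks on: CloudFront's origin access
    # control reaches the uploads bucket through a non-public bucket policy.
    for key in ("BlockPublicPolicy", "RestrictPublicBuckets"):
        if not pab.get(key):
            findings.append(f"{role}: {key} is off")
    perms = public_permissions(grants)
    if perms & {"WRITE", "WRITE_ACP", "FULL_CONTROL"}:
        findings.append(f"{role}: public write/control grant {sorted(perms)}")
    if role == "backups":
        if object_ownership != "BucketOwnerEnforced":
            findings.append("backups: ACLs should be disabled (BucketOwnerEnforced)")
        if perms:
            findings.append("backups: public ACL grant present; backups must stay private")
    elif role == "uploads":
        if object_ownership == "BucketOwnerEnforced":
            findings.append("uploads: ACLs disabled, Everyone/Read cannot be granted")
        if "READ" not in perms:
            findings.append("uploads: Everyone (public access) Read is not set")
        if pab.get("BlockPublicAcls") or pab.get("IgnorePublicAcls"):
            findings.append("uploads: public ACLs are blocked or ignored")
    return findings


# Constructed sample state matching the guide's settings.
GUIDE_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
         "Permission": "FULL_CONTROL"}
EVERYONE_READ = {"Grantee": {"Type": "Group",
                             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                 "Permission": "READ"}

UPLOADS = ("uploads", GUIDE_PAB, "BucketOwnerPreferred", [OWNER, EVERYONE_READ])
BACKUPS = ("backups", GUIDE_PAB, "BucketOwnerEnforced", [OWNER])

if __name__ == "__main__":
    for bucket in (UPLOADS, BACKUPS):
        print(bucket[0], audit_bucket(*bucket) or "ok")
```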

Create a configuration process bucket a-origin-config-bucket

Create a bucket to be used during Distribution #1 configuration process. Name and configuration are unimportant since the bucket is only used temporarily as an initial origin which will be deleted during the configuration process.

  1. Go to Amazon S3 > Buckets > Select “Create bucket”
  2. Amazon S3 > Buckets > Create bucket > General configuration > Confirm “General Purpose” selection
  3. Amazon S3 > Buckets > Create bucket > General configuration > Bucket name > Enter the configuration process bucket name i.e. a-origin-config-bucket
  4. Toggle through the configuration pages and “Create bucket”

CloudFront Distributions

Create two CloudFront distributions: one to serve website assets and a second to serve uploads bucket assets.

Create distribution #1

  Distribution #1
    DISCOURSE_CDN_URL
      Distribution name: cdn-yourdomain-subdomain
      Origin: subdomain.yourdomain.tld
      Distribution domain name (Cloudfront URL): AWS-assigned.cloudfront.net
      Alternate domain names: discourse-cdn.yourdomain.tld
  1. Go to CloudFront > Distributions > Select “Create”
  2. CloudFront > Distributions > Create distribution > Choose a plan > Select “Pay as you go” > Select “Next”
  3. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution name > Enter distribution name i.e. cdn-yourdomain-subdomain
  4. CloudFront > Distributions > Create distribution > Get started > Distribution options > Description - optional > Enter “cdn-yourdomain-subdomain” (Optional but helps with visibility)
  5. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution type > Confirm “Single website or app” selection > Select “Next”
  6. CloudFront > Distributions > Create distribution > Specify origin > Origin type > Confirm “Amazon S3” selection
  7. CloudFront > Distributions > Create distribution > Specify origin > Origin > S3 origin > Select “Browse S3” > Select the configuration process bucket “a-origin-config-bucket” > Select “Choose” > Select “Next”
  8. CloudFront > Distributions > Create distribution > Enable security > make your choices - for this guide > Select “Do not enable security protections” > Select “Next”
  9. CloudFront > Distributions > Create distribution > Review and create > Confirm the “Review and create” summary is correct > Select “Create distribution” → The newly created distribution information page should open in CloudFront > Distributions > Distribution ID
  10. CloudFront > Distributions > Distribution ID > Origins > Select “Create origin” Info: The distribution requires the Discourse instance domain as the origin!
  11. CloudFront > Distributions > Distribution ID > Create origin > Settings > Origin domain > Enter discourse instance domain i.e. subdomain.yourdomain.tld > Select “Create origin”
  12. CloudFront > Distributions > Distribution ID > Behaviors > Select the lone behavior “Default (*)” > Select “Edit”
  13. CloudFront > Distributions > Distribution ID > Behaviors > Edit behavior > Settings > Origin and origin groups > Select the Custom origin “subdomain.yourdomain.tld” > Select “Save changes”
  14. CloudFront > Distributions > Distribution ID > Origins > Select the original origin “a-origin-config-bucket.s3.us-east-1.amazonaws.com” > Select “Delete” Info: The deployment must be complete, see CloudFront > Distributions > Distribution ID > Details > Last modified
    If using a branded CDN URL → Step 15
  15. CloudFront > Distributions > Distribution ID > Alternate domain names > Select “Add domain”
  16. CloudFront > Distributions > Distribution ID > Alternate domain names > Add domain > Configure domains > Domains > Domains to serve > Enter the DISCOURSE_CDN_URL i.e. discourse-cdn.yourdomain.tld > Select “Next”

Incomplete: Alternate domain names: discourse-cdn.yourdomain.tld

Create distribution #2

  Distribution #2
    DISCOURSE_S3_CDN_URL
      Distribution name: s3-yourdomain-subdomain-uploads
      Origin: yourdomain-subdomain-uploads
      Distribution domain name (Cloudfront URL): AWS-assigned.cloudfront.net
      Alternate domain names: s3-cdn.yourdomain.tld
  1. CloudFront > Distributions > Create distribution
  2. CloudFront > Distributions > Create distribution > Choose a plan > Select “Pay as you go” > Select “Next”
  3. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution name > Enter distribution name i.e. s3-yourdomain-subdomain-uploads
  4. CloudFront > Distributions > Create distribution > Get started > Distribution options > Description - optional > Enter “s3-yourdomain-subdomain-uploads” (Optional but helps with visibility)
  5. CloudFront > Distributions > Create distribution > Get started > Distribution options > Distribution type > Confirm “Single website or app” selection > Select “Next”
  6. CloudFront > Distributions > Create distribution > Specify origin > Origin type > Confirm “Amazon S3” selection
  7. CloudFront > Distributions > Create distribution > Specify origin > Origin > S3 origin > Select “Browse S3” > Select the uploads bucket “yourdomain-subdomain-uploads” > Select “Choose” > Select “Next”
  8. CloudFront > Distributions > Create distribution > Enable security > make your choices - for this guide > Select “Do not enable security protections” > Select “Next”
  9. CloudFront > Distributions > Create distribution > Review and create > Confirm the “Review and create” summary is correct > Select “Create distribution” → The newly created distribution information page should open in CloudFront > Distributions > Distribution ID
  10. CloudFront > Distributions > Distribution ID > Origins > Select the origin > Select “Edit”
  11. CloudFront > Distributions > Distribution ID > Edit origin > Origin access control > ! You must allow access to CloudFront using this policy… > Select “Copy policy” > Go to Create the uploads bucket step 9 (Amazon S3 > Buckets > yourdomain-subdomain-uploads > Permissions > Bucket policy) and paste it there

Incomplete: Alternate domain names: s3-cdn.yourdomain.tld

Discourse Configuration

Current as of Discourse version: 2025.12.0-latest

Make these changes in the Discourse Admin UI.

Backups Settings /admin/backups/settings

  1. Maximum backups > Enter the number of backups to keep locally
  2. Backup with uploads > Select “Include uploads in scheduled backups. Disabling this will only backup the database.”

S3 Settings /admin/site_settings/category/all_results?filter=S3

  1. S3 use CDN URL for all uploads > Select “Use CDN URL for all the files uploaded to s3 instead of only for images.” (Discourse ships deselected)

Edit Config (app.yml) Unbranded URLs

Edit the app.yml making the changes below for branded URLs or unbranded Cloudfront URLs.

Discourse Unbranded URLs

Use this for unbranded Cloudfront distributions. Your DISCOURSE_S3_REGION might be different.
DISCOURSE_CDN_URL: https://amazonassigned.cloudfront.net

S3 storage config (unbranded)

## S3 storage config
DISCOURSE_USE_S3: true
DISCOURSE_S3_REGION:  us-east-1
DISCOURSE_S3_ACCESS_KEY_ID: key obfuscated
DISCOURSE_S3_SECRET_ACCESS_KEY: key obfuscated
DISCOURSE_S3_CDN_URL: https://amazonassigned.cloudfront.net
DISCOURSE_S3_BUCKET: your-bucket-name-uploads
DISCOURSE_S3_BACKUP_BUCKET: your-bucket-name-backups
DISCOURSE_BACKUP_LOCATION: s3

Discourse Branded URLs

DNS Configuration

If you prefer to use yourdomain.com based URLs for the CDNs you need to make some DNS changes and adjust your CDN URLs.

Tip: Don’t forget to add discourse-cdn.yourdomain.com and s3-cdn.yourdomain.com as a domain name in “Alternate domain names” for their respective Cloudfront distributions.

DNS configuration for domain-branded Cloudfront distributions:

DISCOURSE_CDN_URL

Existing record:  A      discourseinstance.yourdomain.com          instance ip   (the existing Discourse install ip)
New record:       A      discourse-cdn-cloudfront.yourdomain.com   instance ip
New record:       CNAME  discourse-cdn.yourdomain.com              ->  amazonassigned.cloudfront.net

DISCOURSE_S3_CDN_URL

New record:       CNAME  s3-cdn-cloudfront.yourdomain.com          ->  amazonassigned.cloudfront.net
New record:       CNAME  s3-cdn.yourdomain.com                     ->  s3-cdn-cloudfront.yourdomain.com

Edit Config (app.yml) Branded URLs

Once the DNS changes are complete you can edit your app.yml making the changes below.

Change DISCOURSE_CDN_URL and/or DISCOURSE_S3_CDN_URL if you are using domain CNAMEs for the Cloudfront distribution (amazonassigned.cloudfront.net).

DISCOURSE_CDN_URL: https://discourse-cdn.yourdomain.com

S3 storage config (branded)

## S3 storage config
DISCOURSE_USE_S3: true
DISCOURSE_S3_REGION:  us-east-1
DISCOURSE_S3_ACCESS_KEY_ID: key obfuscated
DISCOURSE_S3_SECRET_ACCESS_KEY: key obfuscated
DISCOURSE_S3_CDN_URL: https://s3-cdn.yourdomain.com
DISCOURSE_S3_BUCKET: your-bucket-name-uploads
DISCOURSE_S3_BACKUP_BUCKET: your-bucket-name-backups
DISCOURSE_BACKUP_LOCATION: s3

Additional Config Edits (app.yml)

Regardless of which approach you use, branded or unbranded Cloudfront URLs, you will need the after_assets_precompile section below to ensure things stay updated during subsequent rebuilds.

  hooks:
    after_code:
      - exec:
          cd: $home/plugins
          cmd:
            - git clone https://github.com/discourse/docker_manager.git
            # add further git clone lines here if you have more plugins
    after_assets_precompile:
      - exec:
          cd: $home
          cmd:
            - sudo -E -u discourse bundle exec rake s3:upload_assets
            - sudo -E -u discourse bundle exec rake s3:expire_missing_assets

Rebuild your instance with ./launcher rebuild app

After ./launcher rebuild app completes successfully, run these rake tasks.

./launcher enter app

rake posts:rebake
rake uploads:migrate_to_s3
rake posts:rebake_uncooked_posts

rake s3:upload_assets
rake s3:expire_missing_assets

If the rakes complete without errors then you are good to go.

On some sites the initial rebuild will fail with an error relating to s3:upload_assets. If this happens, check the “Read” setting on the uploads bucket. If it is correctly set, comment out or remove the after_assets_precompile section:

    after_assets_precompile:
      - exec:
          cd: $home
          cmd:
            - sudo -E -u discourse bundle exec rake s3:upload_assets
            - sudo -E -u discourse bundle exec rake s3:expire_missing_assets

and run ./launcher rebuild app again. Then run “rake s3:upload_assets” and “rake s3:expire_missing_assets”.

If both of the rakes complete without errors, re-add or uncomment the after_assets_precompile section, rebuild again and run all the rake tasks listed above.

If either of the rakes gives an error or the rebuild fails again, you have something wrong in your app.yml and/or AWS S3 configs and/or DNS records. Happy hunting! :slight_smile:

FAQ

Getting Started FAQ

AWS FAQ

IAM User FAQ

S3 Buckets FAQ

  1. Why can’t I see the non-current backups in the backups bucket /Default folder?
  2. It has been many days since backups started disappearing from Backups /Default folder, where did they go?

S3 Distributions FAQ

Discourse Configuration FAQ

  1. Do I have to use app.yml if I only want to use S3 for backups?
  2. Why is using app.yml for using S3 the recommended approach?

Resources

To-Do

  1. Initial feedback based post publish edits
  2. Confirm approach in Cleanup rule
  3. Is there a more efficient way to replace a-origin-config-bucket with subdomain.yourdomain.tld in Create distribution #1 ??? Can selecting “Other” instead of “Amazon S3” as the Origin type in CloudFront > Distributions > Create distribution > Specify origin > Origin type work? Currently testing this approach again but still “no joy”.
  4. Better title
  5. Distribution #1 Need instructions Alternate domain names: discourse-cdn.yourdomain.tld
  6. Distribution #2 Need instructions Alternate domain names: s3-cdn.yourdomain.tld
  7. Create/find list of Discourse hosts
  8. Add screenshots
  9. Wrap initial round of edits
  10. Build FAQ
  11. Publish Discourse version here and in resource docs
  12. Update AWS_S3_Config.txt, s3-discourse-policy-your-iam-user.txt, AWS_S3_Config_Process.txt, Guide_AWS_S3_Config-sandbox.websystems360.txt, s3-discourse-policy-websystems360-sandbox.txt

Reply from the OP for thoughts, comments, edit information, process and???


AWS Support reply regarding: Confirm approach in Cleanup rule

I have reviewed your proposed lifecycle rule configuration, and I am pleased to confirm that your configuration is well designed and follows AWS best practices for managing backup buckets.

========== Lifecycle rule assessment ==========

Your configuration is excellent and covers the key areas for backup cleanup:

• Noncurrent version cleanup (92 days): This is a sensible retention period that balances storage costs against recovery needs. The 92-day retention leaves ample time to validate backups while preventing indefinite storage accumulation.

• Expired delete marker removal: Correctly configured to automatically clean up orphaned delete markers, which helps optimize storage costs and bucket performance.

• Incomplete multipart upload cleanup (3 days): The 3-day setting is optimal - short enough to avoid wasted storage from failed uploads, but long enough to accommodate legitimate large backup operations.

• Scope application: Applying to “all objects in the bucket” is appropriate for dedicated backup buckets where all content follows the same lifecycle pattern.

AWS Support reply regarding: Backup bucket lifecycle configuration

Review of the S3 lifecycle configuration for backup buckets

I have analyzed your complete lifecycle configuration and can confirm that your “backup retention” rule is well structured and follows AWS best practices for backup management.

Key findings from my investigation:

  • Your bucket has two complementary lifecycle rules that work together effectively
  • The “backup retention” rule correctly handles current and noncurrent versions with appropriate schedules
  • The configuration includes cost-effective storage transitions for noncurrent versions
  • All rule components are correctly configured with appropriate timing parameters
  • The bucket is correctly configured in us-east-1 with the appropriate permissions

Configuration assessment:

Your “backup retention” rule effectively manages your backup objects throughout their lifecycle:

  • Transitions noncurrent versions to Glacier Instant Retrieval after 1 day (cost optimization)
  • Expires current versions after 7 days (appropriate for regular backups)
  • Permanently deletes noncurrent versions after 91 days (good retention period)

This rule complements your “cleanup” rule, which handles:

  • Removal of expired delete markers (prevents orphaned markers)
  • Cleanup of incomplete multipart uploads after 3 days (prevents wasted storage)
  • Deletion of noncurrent versions after 92 days (ensures complete cleanup)

Both rules apply to all objects in the bucket, which is appropriate for dedicated backup storage where all content follows the same lifecycle pattern.

The 7-day expiration for current versions seems appropriate for regular backup scenarios, but you can adjust it based on your specific retention requirements (15 or 30 days if longer retention is needed).

Your implementation is complete and follows AWS best practices for S3 lifecycle management.