Audit all S3 lifecycle rules
📑 On this page
Part 52 of AWS from Zero. This lesson keeps the scope to one S3 behavior you can verify from the terminal.
What we are learning
A lifecycle audit should reveal which rules are enabled and which data each rule can affect.
Before you run it
aws sts get-caller-identity
REGION="ap-south-1"
BUCKET="replace-with-your-private-demo-bucket"Use a private general purpose bucket that you own. Replace every placeholder before running a write or delete command.
The command
aws s3api get-bucket-lifecycle-configuration \
--bucket "$BUCKET"A successful configuration command may return no output. Treat inspection as a separate required step.
Inspect the result
aws s3api get-bucket-lifecycle-configuration \
--bucket "$BUCKET" \
--query "Rules[].{ID:ID,Status:Status,Filter:Filter,Expiration:Expiration,Transitions:Transitions,NoncurrentExpiration:NoncurrentVersionExpiration,AbortMultipart:AbortIncompleteMultipartUpload}"Read the returned fields rather than assuming the write succeeded exactly as intended.
One tiny variation
aws s3api get-bucket-lifecycle-configuration \
--bucket "$BUCKET" \
--query "Rules[?Status=='Enabled'].ID" \
--output textFilter to enabled rule IDs for a quick operational checklist.
Common mistake
Do not review only rule names. A friendly ID can hide a broad empty-prefix filter or a destructive expiration action.
Cleanup
# This lesson does not require an additional persistent resource.
aws s3api head-bucket --bucket "$BUCKET"Keep the shared demo bucket for the next lesson, or remove only the configuration and objects created here.
Next, we will learn Create a presigned S3 download URL.