← All posts
2 min read

Audit all S3 lifecycle rules

#aws#cli#s3#storage
📑 On this page

Part 52 of AWS from Zero. This lesson keeps the scope to one S3 behavior you can verify from the terminal.

What we are learning

A lifecycle audit should reveal which rules are enabled and which data each rule can affect.

Before you run it

aws sts get-caller-identity
REGION="ap-south-1"
BUCKET="replace-with-your-private-demo-bucket"

Use a private general purpose bucket that you own. Replace every placeholder before running a write or delete command.

The command

aws s3api get-bucket-lifecycle-configuration \
  --bucket "$BUCKET"

A successful configuration command may return no output. Treat inspection as a separate required step.

Inspect the result

aws s3api get-bucket-lifecycle-configuration \
  --bucket "$BUCKET" \
  --query "Rules[].{ID:ID,Status:Status,Filter:Filter,Expiration:Expiration,Transitions:Transitions,NoncurrentExpiration:NoncurrentVersionExpiration,AbortMultipart:AbortIncompleteMultipartUpload}"

Read the returned fields rather than assuming the write succeeded exactly as intended.

One tiny variation

aws s3api get-bucket-lifecycle-configuration \
  --bucket "$BUCKET" \
  --query "Rules[?Status=='Enabled'].ID" \
  --output text

Filter to enabled rule IDs for a quick operational checklist.

Common mistake

Do not review only rule names. A friendly ID can hide a broad empty-prefix filter or a destructive expiration action.

Cleanup

# This lesson does not require an additional persistent resource.
aws s3api head-bucket --bucket "$BUCKET"

Keep the shared demo bucket for the next lesson, or remove only the configuration and objects created here.

Next, we will learn Create a presigned S3 download URL.

Official AWS CLI reference