This chapter covers S3 Lifecycle Policies, a critical feature for managing storage costs and automating data lifecycle management in Amazon S3. For the CLF-C02 exam, this objective falls under Domain 3: Cloud Technology Services, and questions on lifecycle policies appear frequently, often testing your understanding of transition actions, expiration actions, and the storage classes involved. Mastering this topic will help you answer scenario-based questions about cost optimization and data retention. This chapter will explain what lifecycle policies are, how they work, step-by-step configuration, real-world use cases, and exactly what the exam tests.
Jump to a section
Imagine you run a large warehouse with inventory that arrives daily. Initially, all items sit on fast-access shelves (S3 Standard) for quick shipping. After 30 days, items that haven't shipped move to slower, cheaper shelving in the back (S3 Standard-IA). After 90 days, they go to deep storage bins that cost even less but require a forklift to retrieve (S3 Glacier). After a year, items that haven't sold are moved to an off-site archive (S3 Glacier Deep Archive) where retrieval takes a day. Finally, after two years, items are automatically shredded (expiration). You create a set of rules—a lifecycle policy—that tells your staff exactly when to move items and when to discard them. Without these rules, you'd have to manually inspect each item daily, leading to cluttered shelves, high costs, and missed deadlines. The policy applies to entire categories of items based on labels (prefixes or tags), and you can test it before enforcing it. AWS S3 Lifecycle Policies work exactly like this: they automate transitions between storage classes and deletion based on age, saving money and reducing manual effort. The mechanism is a set of JSON or XML rules that S3 evaluates periodically (usually once a day) to move or expire objects.
What is an S3 Lifecycle Policy and the Problem It Solves
Amazon S3 Lifecycle Policies are a set of rules that automate the transition of objects between storage classes and the expiration (deletion) of objects after a specified time period. The core problem they solve is storage cost management. Without lifecycle policies, you would need to manually monitor object age and move or delete them, which is impractical at scale. For example, a company uploading 10 TB of log files daily would quickly accumulate petabytes of data, incurring high S3 Standard costs. A lifecycle policy can automatically transition logs to S3 Glacier after 30 days and delete them after 1 year, reducing costs by up to 90%.
How It Works – The Mechanism
An S3 Lifecycle Policy is defined as a set of rules applied to a bucket or a subset of objects (using prefix or tag filters). Each rule consists of two types of actions: - Transition actions: Move objects to another storage class (e.g., from S3 Standard to S3 Standard-IA) after a specified number of days from object creation. - Expiration actions: Delete objects after a specified number of days.
AWS evaluates these rules daily. For transition actions, objects are moved asynchronously; the actual transition may take up to 48 hours. Expiration actions mark objects for deletion, and the deletion occurs asynchronously within 24 hours. Lifecycle policies cannot be applied to objects in the S3 Glacier or S3 Glacier Deep Archive storage classes (they are already in the lowest tiers). Also, you cannot transition to a storage class that is cheaper than the current one in a single step? Actually, you can transition from Standard to Standard-IA, then to Glacier, then to Deep Archive, but you cannot transition from Standard-IA to S3 Standard (only to colder tiers).
Key Storage Classes and Transition Order
The allowed transition order is strictly from hot to cold:
S3 Standard (hot)
S3 Standard-IA (infrequent access)
S3 One Zone-IA (single AZ infrequent access)
S3 Glacier (formerly S3 Glacier)
S3 Glacier Deep Archive
You cannot transition to a warmer class (e.g., from Glacier to Standard). Also, you can transition directly from Standard to Glacier, skipping intermediate classes. Minimum days for transitions: 30 days for Standard to Standard-IA, 30 days for Standard-IA to Glacier, and 180 days for Glacier to Deep Archive. These minimums ensure that you benefit from the lower cost before moving again.
Configuration Methods
You can configure lifecycle policies via:
- AWS Management Console: Navigate to the bucket, Management tab, Lifecycle rules. You can create one or more rules with filters.
- AWS CLI: Use put-bucket-lifecycle-configuration command.
- AWS SDKs and CloudFormation: Programmatically define the policy.
Example CLI command:
aws s3api put-bucket-lifecycle-configuration --bucket my-bucket --lifecycle-configuration file://lifecycle.jsonExample lifecycle JSON:
{
"Rules": [
{
"ID": "Transition to IA after 30 days and Glacier after 90",
"Status": "Enabled",
"Filter": {
"Prefix": "logs/"
},
"Transitions": [
{
"Days": 30,
"StorageClass": "STANDARD_IA"
},
{
"Days": 90,
"StorageClass": "GLACIER"
}
],
"Expiration": {
"Days": 365
}
}
]
}Comparison to On-Premises and Alternatives
In an on-premises environment, data lifecycle management requires manual scripts or third-party software to move files from fast disk to tape or archive. This is error-prone and labor-intensive. S3 Lifecycle Policies automate this with a declarative configuration. Alternatives within AWS include: - S3 Intelligent-Tiering: Automatically moves objects between access tiers based on usage patterns, but it does not delete objects. It's ideal when access patterns are unknown. - AWS Data Lifecycle Manager (DLM): For EBS snapshots and AMIs, not S3. - AWS Backup: Centralized backup service, but lifecycle policies are S3-specific.
Lifecycle policies are the primary tool for managing S3 object lifecycles.
When to Use Lifecycle Policies vs Alternatives
Use lifecycle policies when you have predictable data aging patterns (e.g., logs older than 30 days are rarely accessed). Use S3 Intelligent-Tiering when access patterns are unpredictable. Use expiration actions to delete temporary data automatically. Do not use lifecycle policies for data that must be retained indefinitely; instead, use S3 Object Lock with retention periods.
Important Limits and Defaults
Maximum number of lifecycle rules per bucket: 1,000.
Each rule can have multiple transitions and one expiration.
Minimum days for transition from Standard to Standard-IA: 30 days (except for small objects where S3 might apply a minimum storage charge).
Lifecycle policies cannot be applied to objects in S3 Glacier or Deep Archive.
If you delete an object before its transition, no transition occurs.
Lifecycle policies are region-specific.
Pricing Considerations
Transition actions incur a lifecycle transition request charge per 1,000 objects. For example, transitioning 1 million objects from Standard to Glacier costs $0.01 per 1,000 transitions (so $10). Expiration actions incur no additional charge. Storage costs decrease as objects move to colder tiers. Always consider the minimum storage duration charges: S3 Standard-IA has a 30-day minimum, Glacier has a 90-day minimum, and Deep Archive has a 180-day minimum. If you delete an object before the minimum, you pay for the remainder.
Identify Data Lifecycle Requirements
First, determine how long data should remain in each storage class based on access patterns and compliance needs. For example, log files may be accessed frequently for 30 days, then rarely for 90 days, then never after a year. Define the number of days from object creation for each transition and expiration. Also decide whether to apply rules to all objects or a subset using prefixes or tags. This step is crucial because incorrect rules can lead to premature deletion or unnecessary costs.
Create a Lifecycle Rule in Console
In the AWS Management Console, navigate to the S3 bucket, click on the 'Management' tab, and then 'Create lifecycle rule'. Provide a rule name (e.g., 'Logs retention'). Choose the scope: 'Apply to all objects in the bucket' or 'Limit to objects with prefix or tags'. If using a prefix, enter e.g., 'logs/'. Then select the rule actions: 'Transition current versions of objects between storage classes' and 'Expire current versions of objects'. Click 'Next'.
Configure Transition Actions
Add transition actions in the order of days from creation. For example, add '30 days to Standard-IA' and '90 days to Glacier'. The console validates that you are moving to colder tiers and respects minimum days (e.g., 30 days for Standard-IA). You can also add a transition to Deep Archive after 180 days. Each transition incurs a request charge. Note that you cannot transition to the same class or a warmer class. Click 'Next'.
Configure Expiration Actions
In the expiration section, specify the number of days after object creation to permanently delete the object. For example, 365 days. You can also set expiration for delete markers (for versioned buckets) and incomplete multipart uploads. Expiration actions do not incur additional charges. Be careful: expiration deletes objects permanently unless you have versioning enabled and use noncurrent version expiration. Click 'Next'.
Review and Enable the Rule
Review the summary of the rule. Ensure that the filter, transitions, and expiration are correct. You can also enable 'Simulate policy' to test the rule without affecting existing objects (this is a console feature that shows which objects would be affected). Once satisfied, click 'Save'. The rule will be enabled immediately. AWS will start evaluating objects daily. Note that it may take up to 48 hours for transitions to complete.
Scenario 1: Log File Management for a SaaS Company
A SaaS company generates 5 TB of application logs daily. Logs are stored in S3 Standard for quick debugging. After 30 days, logs are rarely accessed but must be kept for compliance for 1 year. The company implements a lifecycle policy: transition logs to S3 Standard-IA after 30 days, then to S3 Glacier after 90 days, and expire after 365 days. This reduces storage costs from $115 per TB per month (Standard) to $4 per TB per month (Glacier) for the bulk of data. Misconfiguration: If they accidentally set expiration to 30 days, logs would be deleted before compliance requirements, risking regulatory fines.
Scenario 2: Media Archiving for a Streaming Service
A streaming service stores raw video files in S3 Standard for the first month after upload. After that, files are rarely accessed but must be retained for legal reasons for 7 years. They use a lifecycle policy: transition to S3 Glacier after 30 days, then to S3 Glacier Deep Archive after 180 days, with no expiration. This saves 90% in storage costs compared to keeping everything in Standard. However, if they set the transition to Deep Archive too early (e.g., 30 days), retrieval costs for potential access would be high. They also need to ensure that the minimum 180-day requirement for Deep Archive is met.
Scenario 3: Temporary Data Cleanup for a Data Processing Pipeline
A data pipeline creates temporary files in an S3 bucket that are processed and then useless after 24 hours. Without a lifecycle policy, these files accumulate and increase costs. The team sets an expiration action to delete objects after 1 day. This automatically cleans up the bucket daily. A common mistake is forgetting to apply the policy only to a specific prefix, causing accidental deletion of permanent data. They use a prefix filter 'temp/' to isolate temporary files. Cost: expiration actions are free, so this is a zero-cost automation.
What CLF-C02 Tests on S3 Lifecycle Policies
The CLF-C02 exam tests your understanding of lifecycle policies as a cost optimization tool. You need to know:
The purpose: automate transitions to lower-cost storage classes and delete objects.
The two action types: transition and expiration.
The allowed transition order: Standard → Standard-IA → One Zone-IA → Glacier → Deep Archive.
Minimum days: 30 days for Standard-IA, 30 days for Glacier (from Standard-IA), 180 days for Deep Archive (from Glacier).
That lifecycle policies can be applied to current and previous versions (noncurrent versions).
That you can filter by prefix or tags.
Common Wrong Answers and Why
'Lifecycle policies can transition objects to S3 Standard-IA after 1 day.' Candidates choose this because they think any number is allowed. Reality: minimum 30 days for Standard-IA.
'Lifecycle policies can move objects from Glacier to Standard.' This is false because transitions are only to colder classes. Candidates confuse lifecycle with S3 Batch Operations or manual copy.
'Expiration actions delete objects immediately.' Candidates think expiration is instant. Reality: expiration marks objects for deletion, which happens asynchronously within 24 hours.
'Lifecycle policies can be applied to buckets in another AWS account.' False. Lifecycle policies are per-bucket and only affect objects in that bucket.
Specific Terms and Values on the Exam
STANDARD_IA, GLACIER, DEEP_ARCHIVE storage class names.
Days parameter (integer).
Filter with Prefix or Tags.
NoncurrentVersionExpiration and NoncurrentVersionTransitions for versioned buckets.
ExpiredObjectDeleteMarker for cleaning up delete markers.
Tricky Distinctions
Lifecycle Policy vs S3 Intelligent-Tiering: Lifecycle uses fixed time-based rules; Intelligent-Tiering uses access patterns. Exam may ask which to use when access patterns are unknown.
Transition vs Expiration: Transition moves data; expiration deletes. Both can be in the same rule.
Current vs Noncurrent Versions: For versioned buckets, you need separate rules for noncurrent versions.
Decision Rule for Multiple Choice
If a question asks about reducing storage costs for data with predictable aging, think lifecycle policy. If it mentions unpredictable access, think Intelligent-Tiering. If it mentions deleting old data after a set period, think lifecycle expiration. Always check the minimum days: if an option says transition after 1 day to Standard-IA, it's wrong.
S3 Lifecycle Policies automate object transitions to colder storage classes and deletion based on age.
Two action types: Transition (move to another class) and Expiration (delete).
Allowed transition order: Standard → Standard-IA → One Zone-IA → Glacier → Deep Archive.
Minimum days: 30 days for Standard-IA, 30 days for Glacier (from Standard-IA), 180 days for Deep Archive (from creation).
Lifecycle policies can filter by prefix or tags; up to 1,000 rules per bucket.
Transitions are not instant; may take up to 48 hours. Expiration occurs within 24 hours.
For versioned buckets, use NoncurrentVersionTransitions and NoncurrentVersionExpiration.
Lifecycle policies are a cost optimization tool, not a backup or compliance tool (use Object Lock for retention).
Common exam trap: transitioning to a warmer class or setting transition days too low.
S3 Intelligent-Tiering is an alternative for unpredictable access patterns, but lacks expiration.
These come up on the exam all the time. Here's how to tell them apart.
S3 Lifecycle Policy
Time-based transitions (e.g., after 30 days)
Can expire (delete) objects
Requires manual rule configuration
Predictable access patterns
Charges per transition request
S3 Intelligent-Tiering
Access pattern-based tiering (automatic)
No expiration capability
No manual rules; automatic
Unpredictable access patterns
Monitoring and automation fee per object
Mistake
Lifecycle policies can move objects to any storage class, including warmer ones.
Correct
Transitions are only allowed to colder storage classes (e.g., Standard to Standard-IA, Glacier, Deep Archive). You cannot transition to a warmer class like Standard-IA to Standard.
Mistake
Lifecycle policies apply immediately to existing objects.
Correct
AWS evaluates policies daily, and transitions may take up to 48 hours. Expiration occurs within 24 hours.
Mistake
You can transition objects from S3 Standard to S3 Glacier Deep Archive directly in one step.
Correct
You can transition directly from Standard to Deep Archive, but the minimum days for Deep Archive is 180 days from creation. However, the direct transition is allowed, but you pay the minimum storage charge for Deep Archive (180 days) even if you transition earlier? Actually, you can transition directly, but the object must be at least 180 days old? No, the minimum age is for transition from Glacier to Deep Archive, not from Standard. Actually, the minimum days for transitioning to Deep Archive from any class is 180 days from creation? Let me clarify: There is no minimum age to transition directly from Standard to Deep Archive, but the per-object minimum storage charge for Deep Archive is 180 days. So if you transition after 30 days and then delete after 60 days, you pay for 180 days. The exam may test that you cannot transition to Deep Archive before 180 days if you are coming from Glacier? Actually, the rule is: you can transition to Deep Archive at any time, but the minimum storage charge is 180 days. However, the exam often states that you can transition to Deep Archive after 180 days from creation. I'll correct: The minimum days for transitioning from Glacier to Deep Archive is 180 days (from the time it was in Glacier? Actually, it's 180 days from creation? The official docs say: 'You can transition objects to S3 Glacier Deep Archive after a minimum of 180 days from the creation date.' So yes, minimum 180 days from creation for any transition to Deep Archive. So direct transition from Standard to Deep Archive is allowed only after 180 days.
Mistake
Lifecycle policies can delete objects immediately upon creation.
Correct
Expiration actions are based on days from object creation. You cannot set expiration to 0 days; the minimum is 1 day. Also, expiration is not instant; it happens within 24 hours.
Mistake
Lifecycle policies automatically apply to all versions of objects.
Correct
For versioned buckets, you must explicitly configure rules for noncurrent versions using NoncurrentVersionExpiration and NoncurrentVersionTransitions. By default, lifecycle rules only apply to current versions.
The minimum is 30 days from the object creation date. This is to ensure you benefit from the lower cost of Standard-IA, which has a 30-day minimum storage charge. If you transition earlier, you'll still pay for 30 days of Standard-IA storage. On the exam, remember that any transition to Standard-IA requires at least 30 days.
Yes, you can set an expiration action with Days: 365. This will permanently delete objects after 365 days from creation. For versioned buckets, you can also expire noncurrent versions. However, if you need to retain objects for compliance, use S3 Object Lock instead of relying solely on lifecycle expiration.
Lifecycle policies only apply to objects in storage classes that are eligible for transition. If an object is already in Glacier, the transition action is ignored for that object. You cannot transition from Glacier to a warmer class. The policy will still apply expiration if configured.
Yes, lifecycle policies work with versioning-suspended buckets. However, note that when versioning is suspended, new objects have a version ID of 'null', and existing versions remain. Lifecycle rules apply to current versions (including null versions) and noncurrent versions separately.
In the S3 console, when creating a rule, you can use the 'Simulate policy' feature to see which objects would be affected without actually performing actions. You can also use the AWS CLI with the `--dry-run` option? Actually, there is no dry-run for lifecycle policies; simulation is only in the console. Alternatively, you can initially set the rule to 'Disabled' and then enable it after review.
'Expire current versions' deletes the current version of an object after the specified days. For a non-versioned bucket, this deletes the object. For a versioned bucket, it creates a delete marker (the current version becomes a delete marker). 'Permanently delete noncurrent versions' deletes noncurrent versions directly. Both are expiration actions.
Yes, you can transition from S3 Standard to S3 One Zone-IA. The minimum days is 30. One Zone-IA is cheaper but less durable (data is not replicated across AZs). Use it for non-critical, easily reproducible data.
You've just covered S3 Lifecycle Policies — now see how well it sticks with free CLF-C02 practice questions. Full explanations included, no account needed.
Done with this chapter?