
Just as a hint to others out there with long-term storage requirements, do NOT push logs (CloudTrail, S3 Access Logs, etc.) to Glacier without doing something to them first (unless of course – you have a requirement to not modify them).
We set up a policy to push our CloudTrail logs to Glacier after 1 year and it cost us several thousand dollars in transport costs to Glacier (we already had >3 years of logs). It actually cost us less per year to store them in regular S3 because it’s a bunch of tiny files and you are charged per 1000 requests/objects to transfer them to Glacier. Additionally, the overhead of storage in Glacier doubled the on-disk size of all our logs – so we’re being charged 1/4 as much per GB but we doubled the number of GB by pushing to Glacier.
I suggest setting something up to make a zip file after x period, upload that zip, delete the originals, and then transfer that zip file to Glacier after a few months. This, of course, depends on your audit requirements. I know for some of our clients, they want to see the last modified date exactly match the log date, so we cannot do this for their logs. At that point, it’s not worth it to have a lifecycle policy to Glacier…
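The bundle-then-transition approach described in the comment above, as an added example that is not the commenter's own code. It packs many small log objects into one tar.gz (keeping each file's original LastModified as the tar member mtime so the per-log timestamp is still recoverable from inside the archive, even though the bundle object itself carries a new date), uploads the bundle, and installs a lifecycle rule that only transitions the bundle prefix. The bucket name, keys, sample log contents and the in-memory `MemoryS3` stand-in for `boto3.client("s3")` are assumptions; the per-object Glacier overhead constants are what the AWS pricing page documents for S3 Glacier Flexible Retrieval and should be checked against the current page.

```python
import io
import tarfile
from datetime import datetime, timezone

# Chargeable per-object metadata overhead that AWS documents for objects in
# S3 Glacier Flexible Retrieval: 32 KB billed at Glacier rates plus 8 KB billed
# at S3 Standard rates. Assumption: verify against the current pricing page.
GLACIER_OVERHEAD_BYTES = 32 * 1024
STANDARD_OVERHEAD_BYTES = 8 * 1024

# Constructed sample: three tiny CloudTrail-style objects for one day, with the
# LastModified values S3 would report. Keys and bodies are illustrative only.
_PREFIX = "AWSLogs/111122223333/CloudTrail/us-east-1/2016/03/01/"
SAMPLE_MTIMES = {
    _PREFIX + "log-0005.json.gz": datetime(2016, 3, 1, 0, 5, tzinfo=timezone.utc),
    _PREFIX + "log-0010.json.gz": datetime(2016, 3, 1, 0, 10, tzinfo=timezone.utc),
    _PREFIX + "log-0015.json.gz": datetime(2016, 3, 1, 0, 15, tzinfo=timezone.utc),
}
SAMPLE_LOGS = {key: b'{"Records": []}' for key in SAMPLE_MTIMES}


def bundle_logs(objects, mtimes):
    """Pack {key: body} into one gzip'd tar. Each member keeps the original
    object's LastModified as its mtime, so the per-log date survives inside
    the archive even though the bundle object itself is newly written."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for key in sorted(objects):
            info = tarfile.TarInfo(name=key)
            info.size = len(objects[key])
            info.mtime = int(mtimes[key].timestamp())
            tar.addfile(info, io.BytesIO(objects[key]))
    return buf.getvalue()


def list_bundle(data):
    """Return [(member name, mtime as epoch seconds)] so the bundle can be
    verified against the original object list before the originals are deleted."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        return [(m.name, m.mtime) for m in tar.getmembers()]


def glacier_overhead(object_count):
    """Chargeable metadata bytes added when object_count objects sit in Glacier.
    For a few-KB log file this overhead exceeds the log itself."""
    return object_count * (GLACIER_OVERHEAD_BYTES + STANDARD_OVERHEAD_BYTES)


def lifecycle_rule(prefix, days):
    """Rule body for put_bucket_lifecycle_configuration. It filters on the
    bundle prefix only, so raw per-file logs are never transitioned one by one."""
    return {
        "ID": f"bundles-to-glacier-after-{days}d",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [{"Days": days, "StorageClass": "GLACIER"}],
    }


class MemoryS3:
    """Stand-in (assumption) for boto3.client("s3") exposing only the two calls
    used here, so the example runs offline. Pass a real client in production."""

    def __init__(self):
        self.objects = {}
        self.lifecycle = None

    def put_object(self, Bucket, Key, Body):
        self.objects[(Bucket, Key)] = Body

    def put_bucket_lifecycle_configuration(self, Bucket, LifecycleConfiguration):
        self.lifecycle = LifecycleConfiguration


def archive_and_configure(s3, bucket, bundle_key, objects, mtimes, prefix, days):
    """Upload one bundle and install the lifecycle rule for the bundle prefix.
    Returns (raw object count, overhead bytes avoided by transitioning a single
    bundle instead of every raw object)."""
    data = bundle_logs(objects, mtimes)
    s3.put_object(Bucket=bucket, Key=bundle_key, Body=data)
    s3.put_bucket_lifecycle_configuration(
        Bucket=bucket,
        LifecycleConfiguration={"Rules": [lifecycle_rule(prefix, days)]},
    )
    return len(objects), glacier_overhead(len(objects)) - glacier_overhead(1)


if __name__ == "__main__":
    s3 = MemoryS3()  # assumption: replace with boto3.client("s3")
    count, avoided = archive_and_configure(
        s3, "audit-logs", "bundles/2016/03/01.tar.gz",
        SAMPLE_LOGS, SAMPLE_MTIMES, "bundles/", 90,
    )
    print(f"{count} objects bundled; {avoided} bytes of Glacier overhead avoided")
    for name, mtime in list_bundle(s3.objects[("audit-logs", "bundles/2016/03/01.tar.gz")]):
        print(name, datetime.fromtimestamp(mtime, timezone.utc).isoformat())
```

Delete the originals only after `list_bundle` has been checked against the source object listing, and only for logs whose audit requirement does not depend on the S3 object's own LastModified, since the bundle cannot preserve that.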
I advise against moving CT trails to Glacier for that very reason. The transfer cost is going to heavily eat into the storage savings, especially if you’re moving a large backlog. Plus, I like to know that my CT logs have been untouched in any way. They are EXACTLY where and as CloudTrail itself put them. Open to other thoughts.