Search code examples
amazon-web-servicesamazon-s3s3-object-tagging

AWS S3 Lifecycle Rule Not Taking Effect


I have a bucket with about 23 million objects in and each of these objects has a prefix e.g. 5f930e87b0f83/ where 5 or 6 objects share the same prefix. Some of the objects are a number of years old. The bucket is not versioned.

I've set up a lifecycle rule on the bucket to delete objects 30 days after they're created and have set up a tag filter to identify the objects to apply this to. These tags have been applied retrospectively using a batch operation.

The rule configuration is as follows, note that I'm just filtering on the tag key and don't care what the tag value is so have left this blank.

aws s3api get-bucket-lifecycle-configuration --bucket some-bucket
{
    "Rules": [
        {
            "Expiration": {
                "Days": 30
            },
            "ID": "Delete Objects after 30 days",
            "Filter": {
                "Tag": {
                    "Key": "delete_after_30_days",
                    "Value": ""
                }
            },
            "Status": "Enabled"
        }
    ]
}

The tags are showing against the objects, e.g.

% aws s3api get-object-tagging --bucket some-bucket --key 5f930e87b0f83/video.mp4
{
    "TagSet": [
        {
            "Key": "delete_after_30_days",
            "Value": "true"
        }
    ]
}

The tags where added a couple of weeks ago and the rule was set up shortly after this once all the tags had been added. I know there can be a delay in the lifecycle rule taking effect but I've read that this is normally only a couple of days, but none of the tagged objects have been deleted or been tagged for deletion.

I'm at a bit of a loss as to what to check next, I'm not aware of any other configuration that's needed, for example around permissions, for a lifecycle rule to work.

Any help would be appreciated. Thanks


Solution

  • Following on from the comment by John Rotenstein (many thanks), it appears that the tag value was required for it to work. This had been left blank as it's marked as optional in the AWS console so it was assumed that a blank value would catch any object with the matching tag key. After updating the tag value the rule has identified the correct objects.

    So, in summary, it appears that both tag key and tag value are required, at least if the object tag has a value, and a blank tag value in the lifecycle rule does not work as a catch-all.