
Answer-first summary for fast verification
Answer: Configure the S3 Lifecycle policy to delete previous versions as well as current versions.
## Explanation

The key issue described in the scenario is that:

1. S3 Versioning is enabled on the CloudTrail target bucket
2. An S3 Lifecycle policy is configured to delete **current objects** after 3 years
3. However, the number of objects continues to rise even after 3 years

This happens because when S3 Versioning is enabled:

- Deleting a current object doesn't actually remove it from S3
- Instead, it creates a **delete marker** and the object becomes a **previous version**
- The actual object data remains as a previous version

**Why option B is correct:**

- Configuring the S3 Lifecycle policy to delete **previous versions** as well as current versions will properly clean up all object data
- This is the most cost-effective solution because:
  - S3 Lifecycle policies are free to configure
  - They run automatically without additional compute costs
  - They handle the deletion process efficiently at scale

**Why other options are incorrect:**

- **Option A**: CloudTrail trails don't have an "expire objects" configuration. CloudTrail only delivers logs to S3; retention management must be handled at the S3 level.
- **Option C**: While a Lambda function could work, it would incur additional costs (Lambda execution time, potential API calls) and requires ongoing maintenance. This is not the most cost-effective solution.
- **Option D**: Changing object ownership doesn't address the versioning issue. The problem is that previous versions aren't being deleted, not an ownership problem.

**Key AWS Concepts:**

- **S3 Versioning**: When enabled, deleting an object creates a delete marker and preserves previous versions
- **S3 Lifecycle Policies**: Can manage both current and previous versions
- **NoncurrentVersionExpiration**: The specific lifecycle action that deletes previous versions a specified number of days after they become noncurrent

**Best Practice:** When using S3 Versioning with retention requirements, always configure lifecycle policies for both current and previous versions to avoid unexpected storage costs.
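The lifecycle gap described above can be checked mechanically. The following is an added example, not part of the original explanation: it audits a lifecycle configuration in the JSON shape used by the S3 lifecycle API and flags rules that expire current versions without a matching `NoncurrentVersionExpiration`. The rule IDs, the `NoncurrentDays` value of 1, and the `audit_lifecycle` helper are assumptions made for illustration.

```python
# Added example: audit an S3 Lifecycle configuration for the gap in this scenario.
# Configs use the JSON shape of the S3 lifecycle API; both samples are constructed.
RETENTION_DAYS = 3 * 365  # the scenario's 3-year retention

# Weak: the scenario's policy, which expires current versions only.
WEAK = {"Rules": [{
    "ID": "expire-current-only",           # hypothetical rule name
    "Status": "Enabled",
    "Filter": {"Prefix": ""},
    "Expiration": {"Days": RETENTION_DAYS},
}]}

# Corrected: the same rule also expires previous (noncurrent) versions.
# NoncurrentDays counts from the day a version became noncurrent; 1 is an
# assumed value, so data is removed shortly after the 3-year expiration.
FIXED = {"Rules": [{
    "ID": "expire-current-and-previous",   # hypothetical rule name
    "Status": "Enabled",
    "Filter": {"Prefix": ""},
    "Expiration": {"Days": RETENTION_DAYS},
    "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
}]}


def audit_lifecycle(config, versioning_enabled=True):
    """Return IDs of enabled rules that expire current versions while no
    enabled rule with the same filter expires noncurrent versions."""
    if not versioning_enabled:
        return []  # without versioning, expiration deletes the object itself
    enabled = [r for r in config.get("Rules", []) if r.get("Status") == "Enabled"]
    # Filters already covered by a noncurrent-version expiration (exact match only).
    covered = [r.get("Filter", {}) for r in enabled
               if "NoncurrentDays" in r.get("NoncurrentVersionExpiration", {})]
    findings = []
    for rule in enabled:
        exp = rule.get("Expiration", {})
        expires_current = "Days" in exp or "Date" in exp
        if expires_current and rule.get("Filter", {}) not in covered:
            findings.append(rule["ID"])
    return findings


if __name__ == "__main__":
    print("weak :", audit_lifecycle(WEAK))
    print("fixed:", audit_lifecycle(FIXED))
```

The same dictionaries can be saved as JSON and applied with the lifecycle configuration API once the audit returns no findings.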
Author: LeetQuiz Editorial Team
A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account. The CloudTrail target S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy is in place to delete current objects after 3 years.
After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are delivered to the S3 bucket has remained consistent.
Which solution will delete objects that are older than 3 years in the MOST cost-effective manner?
A. Configure the organization's centralized CloudTrail trail to expire objects after 3 years.

B. Configure the S3 Lifecycle policy to delete previous versions as well as current versions.

C. Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years.

D. Configure the parent account as the owner of all objects that are delivered to the S3 bucket.