CASE 118 · WEND · 2024
Logs we keep forever, on storage that knows we’re lying.
A B2B platform had three S3 buckets holding CloudTrail logs, VPC Flow Logs, and ALB access logs. All three were on Standard storage, indefinitely. The buckets had grown to 380TB and were costing $9k/month. We applied lifecycle policies sized to the actual access pattern.
B2B platform
COST
2024
RESULTS
What changed, by the numbers.
LOG STORAGE BILL
−86%
RETRIEVAL EVENTS / MO
< 5
AUDIT WINDOW
7 YEARS
WORM PROTECTION
OBJECT LOCK
HOW IT WENT
The retention was a regulatory requirement; the storage class was just "what S3 defaulted to seven years ago." The team had never had a reason to question it. We started by counting accesses against the log buckets over six months: under five retrieval events per month total, almost all for forensic investigation of logs less than two weeks old.
Lifecycle policies moved logs to Glacier Instant Retrieval after 14 days, then to Glacier Deep Archive after 90 days. Object Lock in compliance mode protected the retention window. The few retrieval events still ran promptly from Instant Retrieval or with the standard Deep Archive 12-hour wait.
Bill dropped 86%. The compliance window is intact. The five-per-month retrievals get answered without anyone noticing the change. Annualised, the saving funds a security engineer.
RELATED · SAME DOMAIN
Other engagements in this space.
READY WHEN YOU ARE
Let's get your AWS bill (and architecture) in order.
The discovery call is free. You walk away with at least one concrete idea — even if we never work together.