I have the following policy statement that would require the INTELLIGENT_TIERING
storage class key applied to bucket foo
:
{
"Sid": "EnforceIntelligentTiering",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::foo/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-storage-class": "INTELLIGENT_TIERING"
}
}
}
If I try to copy a file up to this bucket that is less than the size threshold for the INTELLIGENT_TIERING
storage class (128 kB), will an error be thrown that prevents this file from being copied? Or will the standard tier be applied?
In the case of an error, how would I modify this policy so that it is only applied on files larger than the threshold, to avoid this error?
2
Answers
If you try to copy a file smaller than the threshold for the INTELLIGENT_TIERING storage class (128 kB) to the S3 bucket with the policy as is, an error will be thrown, preventing the file from being copied. This is because the policy explicitly denies any PutObject action unless the storage class is set to INTELLIGENT_TIERING. However, files smaller than 128 kB aren’t eligible for INTELLIGENT_TIERING, which leads to a conflict.
How to modify the policy to apply only for files larger than the threshold:
To avoid this error, you can modify the policy to apply the condition only to files larger than 128 kB. This can be done by adding a condition that checks the s3:content-length:
I applied your policy to one of my buckets, then uploaded a small file. It uploaded just fine:
However, the How S3 Intelligent-Tiering works – Amazon Simple Storage Service page says: