Building a new AWS Lab (part 1.5)

Preventing Sprawl!

Since this is only a lab and I want to keep the costs under control, I’ve opted to set some lower retention/lifecycle policies on the buckets related to logs (the default is 365 days).

Since Control Tower deploys everything using StackSets, you need to modify the StackSet rather than editing the S3 Lifecycle policy directly.

Log in as your AWS Administrator from your SSO console, go to Shared Accounts -> Log Archive and click on View CloudFormation StackSet.

Now you can modify the Retention policy in the Stack parameters by clicking through:

  • Manage StackSet
  • Edit StackSet
  • Current template: Update AWSControlTowerLoggingResources
  • and then changing the retention policy to 5 days.

After this, just Next-Next-Next until you can update the StackSet. The change will roll out to the account automatically.
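The same change can be scripted with boto3 instead of clicking through the console. This is an added example, not part of the original post: the parameter key `RetentionDays` and the sample parameter list are assumptions, so check the real keys in the `describe_stack_set` output before running it with `dry_run=False`.

```python
STACK_SET = "AWSControlTowerLoggingResources"  # StackSet name from the post
RETENTION_KEY = "RetentionDays"  # assumed key; confirm via describe_stack_set


def build_parameters(current, overrides):
    """Build the Parameters list for update_stack_set.

    Overridden keys get the new value; every other key is carried over with
    UsePreviousValue so it is not reset to the template default.
    """
    known = {p["ParameterKey"] for p in current}
    missing = set(overrides) - known
    if missing:
        raise KeyError(f"not a parameter of this StackSet: {sorted(missing)}")
    params = []
    for p in current:
        key = p["ParameterKey"]
        if key in overrides:
            params.append({"ParameterKey": key, "ParameterValue": str(overrides[key])})
        else:
            params.append({"ParameterKey": key, "UsePreviousValue": True})
    return params


def update_retention(days, dry_run=True):
    """Set log retention on the StackSet; returns the plan or the operation id."""
    import boto3  # imported lazily so build_parameters can be used offline

    cfn = boto3.client("cloudformation")
    stack_set = cfn.describe_stack_set(StackSetName=STACK_SET)["StackSet"]
    params = build_parameters(stack_set["Parameters"], {RETENTION_KEY: days})
    if dry_run:
        return params  # inspect before touching the StackSet
    # Reuse the roles and capabilities the StackSet was created with.
    keep = ("AdministrationRoleARN", "ExecutionRoleName", "Capabilities")
    extra = {k: stack_set[k] for k in keep if stack_set.get(k)}
    resp = cfn.update_stack_set(StackSetName=STACK_SET, UsePreviousTemplate=True,
                                Parameters=params, **extra)
    return resp["OperationId"]


# Constructed sample of describe_stack_set()["StackSet"]["Parameters"].
SAMPLE = [
    {"ParameterKey": "RetentionDays", "ParameterValue": "365"},
    {"ParameterKey": "ExampleOtherParamA", "ParameterValue": "a"},
    {"ParameterKey": "ExampleOtherParamB", "ParameterValue": "b"},
]

if __name__ == "__main__":
    print(build_parameters(SAMPLE, {RETENTION_KEY: 5}))
```

Calling `update_retention(5)` with the default `dry_run=True` only returns the parameter list that would be submitted.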