Platform
Cold Storage
Learn how to configure AWS S3 cold storage for log archival and cost optimization with Last9
Automatically archive logs older than 14 days to S3 for cost-effective storage and on-demand rehydration.
Setup
-
Create IAM Role with permissions to the S3 bucket:
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:PutObject","s3:GetObject","s3:ListBucket","s3express:CreateSession"],"Resource": ["arn:aws:s3:::<YOUR_BUCKET_NAME>","arn:aws:s3:::<YOUR_BUCKET_NAME>/*"]}]} -
Add Trust Relationship:
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": "s3.amazonaws.com","AWS": "arn:aws:iam::<LAST9_STORAGE_USER>"},"Action": "sts:AssumeRole"}]} -
Make sure that the role session expirry is set to minimum 4 hours.
-
Enable Cold Storage Configure your bucket name and role ARN in Cold Storage.
-
Once the cold storage is enabled, you can rehydrate the logs on demand. Read the Rehydration guide for more details.
Service-Level Backup Configuration
You can now configure which services you want to back up to your cold storage. When configuring, you have three options:
- Default: With service-level backup not enabled, data is backed up with index-level granularity only, meaning you cannot rehydrate individual services.
- All Services: All services are backed up and you can rehydrate individual services.
- Only Selected Services: Specify which services you want to back up, giving you more granular control.
Benefits of Service-Level Backup
- Targeted cost optimization: Save money where it makes sense without compromising on critical services
- Service-appropriate retention: Match data lifecycle to each service’s actual needs
- Strategic resource allocation: Invest observability resources based on service priority
- Simplified compliance: Apply different retention rules only where legally necessary
Troubleshooting
Need help? Join our Discord or email cs@last9.io.