Skip to content
Last9 Last9
Book a Demo

Cold Storage

Learn how to configure AWS S3 cold storage for log archival and cost optimization with Last9

Automatically archive logs older than 14 days to S3 for cost-effective storage and on-demand rehydration.

Control Plane

Setup

  1. Create IAM Role with permissions to the S3 bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3express:CreateSession"
      ],
      "Resource": [
        "arn:aws:s3:::<YOUR_BUCKET_NAME>",
        "arn:aws:s3:::<YOUR_BUCKET_NAME>/*"
      ]
    }
  ]
}
  1. Add Trust Relationship:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com",
        "AWS": "arn:aws:iam::<LAST9_STORAGE_USER>"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
  1. Make sure that the role session expirry is set to minimum 4 hours.
  1. Enable Cold Storage

Configure your bucket name and role ARN in Cold Storage.

  1. Once the cold storage is enabled, you can rehydrate the logs on demand. Read the Rehydration guide for more details.

Troubleshooting

Need help? Join our Discord or email cs@last9.io.