All cheat sheets
Storagecheat sheet

S3 Storage Class Analysis

The free, observation-only tool that watches a bucket's real access patterns for 30 days and tells you exactly which objects belong in cheaper storage — data-driven lifecycle rules instead of guesses.

Last reviewed: July 11, 2026

TL;DR: Storage Class Analysis is the free data-collection step everyone skips before writing lifecycle rules. Enable it on a bucket (or prefix), wait 30+ days, and it produces a CSV saying exactly which objects have gone cold and when access dropped off. It moves nothing itself — it's the evidence; lifecycle policies are the action. Typical outcome on a mature bucket: discovering 60–80% of "production" data is cold.

The numbers

  • Cost: free (you pay only pennies for the CSV report storage)
  • Typical first-pass example from the source workflow: 10 TB SaaS uploads bucket at $230/month → analysis shows 8 TB untouched for 60+ days → one lifecycle rule later, **$80/month** (a $150/month permanent cut for an afternoon's work)
  • Enterprise post-migration example: 48 of 50 TB never accessed since a datacenter-exit migration → moved to Glacier Flexible → ~$900/month saved

Do this

  1. Enable it on your biggest mixed-access bucket (console: bucket → Metrics → Storage Class Analysis, or CLI):

    aws s3api put-bucket-analytics-configuration \
      --bucket YOUR-BUCKET --id access-watch \
      --analytics-configuration file://watch.json
    

    Point the export at a reports bucket; optionally filter by prefix.

  2. Put a calendar reminder 35 days out. The tool's #1 failure mode isn't technical — it's reports nobody opens. The analysis doesn't save money; acting on it does.

  3. Write the rule the report justifies — e.g., "objects untouched after 60 days → Standard-IA at 60, Glacier at 180." You now have data to defend the change to whoever owns the bucket.

  4. Start with one bucket, not fifty. A 50-bucket analysis dump produces CSV mountains nobody reads. Learn the loop on one high-value bucket, then expand (automate configs via IaC if you have many).

Gotchas

  • It observes; it never moves data. That's deliberate — you sanity-check recommendations against workload knowledge before anything changes tier.
  • Backup jobs poison the data. A nightly process that reads every object makes everything look hot. Exclude those access patterns mentally (or the principals from the analysis scope) when reading the report.
  • Tiny objects break Glacier math. The report flags cold objects by access alone; it doesn't know your objects are 10 KB each and will be billed at 128 KB minimums in Glacier classes. Check size distribution before transitioning small-object buckets.
  • Recommendations are conservative — AWS only certifies clearly-infrequent objects; manual digging often finds more cold data than the report commits to.
  • 30+ days before results. Patience is the price of accuracy.

Skip this if

  • The bucket is tiny or its data is uniformly hot (live CDN assets) — nothing to learn.
  • Lifecycle rules are already tuned and recently reviewed.
  • Access patterns are so chaotic that no static rule will ever fit — skip straight to S3 Intelligent-Tiering and let it manage placement per object. For estate-wide visibility rather than per-bucket evidence, that's S3 Storage Lens.

Run this audit with your AI assistant

Paste this into Claude, ChatGPT, or any agent that can run the AWS CLI with read-only credentials. It audits your account for exactly the waste this sheet describes — and changes nothing.

You are setting up (in report-only form) an S3 Storage Class Analysis
review for an AWS account. Use the AWS CLI with READ-ONLY credentials.
Do not create, modify, or delete anything — report findings and
recommended (unapplied) fixes only.

1. Which buckets already have analytics configs?
   aws s3api list-bucket-analytics-configurations --bucket <b>
   For any with a configured export destination, note where the CSVs
   land — if reports have been generated for months and never acted on,
   say so; reading the existing report is the fastest win.
2. Which buckets DESERVE analysis? Rank by size (CloudWatch
   BucketSizeBytes); candidates are >100 GB with mixed/unknown access
   (logs, uploads, exports, backups). Skip tiny buckets.
3. Check object-size distribution feasibility notes: Glacier-class
   minimums (128 KB billable) make transitions counterproductive for
   tiny-object buckets — flag those so the eventual report is read with
   that caveat.
4. Note access-pattern distorters: nightly backup/replication jobs that
   read every object will make everything look hot; identify such
   principals from bucket policies/replication configs if visible.

Report: (a) existing analyses and whether their reports are being
consumed; (b) top candidate buckets for new analysis configs with the
put-bucket-analytics-configuration commands ready for review — but do
NOT execute them; (c) reminder to re-run this audit in ~35 days to act
on the first reports, with expected decision rules (e.g., >60 days
untouched → transition candidates).
Works with any assistant that can run shell commands.

Want the guided version?

The S3 Storage Class Analysis walkthrough covers this topic interactively — it asks about your setup, branches to what’s relevant, and quizzes you on the tricky parts. Free and anonymous.

Start the walkthrough