...
Queries the inventory with Athena for a certain date range fetching keys in batches (making sure to always have an upper bound of T - 60 days to avoid collecting keys for temporary data such as the multipart upload parts). We can keep track of the date of the object in the last processed batch to be used as the next lower bound.
For each batch of keys asks the backend (e.g. through a dedicated admin API) which keys do not have file handles
Saves the response to disk
For each non matching key deletes the batch of objects (or add a tag so that a lifecycle could expire the objects)
In general we should make sure that any data that ends up in the prod bucket is actually indexed in file handles, for example I would move the temporary objects used for the multipart upload in its own dedicated bucket.
...