You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
S3 Object Lock implements storing of objects using a write-once-read-many (WORM) model.
You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.
Object Lock is intended for versioned buckets only.
You can't disable Object Lock or suspend versioning for a Object Lock enabled bucket.
on AWS, you can only enable Object Lock for new buckets (no public API for doing this ; but they can enable this in the backoffice probably).
Main topics
Retention modes
S3 Object Lock provides two retention modes:
Governance mode: only authorized users can delete an object
Compliance mode: no-one can delete the object (until the associated retention period expires)
Retention modes apply to Object's versions.
Different versions of a single object can have different retention modes and periods.
A retention period protects an object version for a fixed amount of time. It is implemented with a timestamp in the object version's metadata to indicate when the retention period expires
You can extend a retention period but not shrink it
High level documentation
S3 Object Lock implements storing of objects using a write-once-read-many (WORM) model.
You can use S3 Object Lock to meet regulatory requirements that require WORM storage, or add an extra layer of protection against object changes and deletion.
Main topics
Retention modes
S3 Object Lock provides two retention modes:
Governance mode
: only authorized users can delete an objectCompliance mode
: no-one can delete the object (until the associated retention period expires)Retention modes apply to Object's versions.
Different versions of a single object can have different retention modes and periods.
Retention periods
Legal holds
s3:PutObjectLegalHold
permission.Bucket configuration
Required permissions
Object Lock operations require specific permissions for the user:
s3:BypassGovernanceRetention
s3:GetBucketObjectLockConfiguration
s3:GetObjectLegalHold
s3:GetObjectRetention
s3:PutBucketObjectLockConfiguration
s3:PutObjectLegalHold
s3:PutObjectRetention
The text was updated successfully, but these errors were encountered: