
Protecting S3 Data with Object Lock


Introduction to Amazon S3

Amazon S3 is a highly available, durable and secure service where organizations can store any amount of data. Some businesses have a requirement to protect data from being deleted or overwritten for a fixed amount of time or indefinitely.

The Object Lock feature of Amazon S3 allows organizations to easily protect their data from being deleted or overwritten. This feature allows organizations to store their objects using a Write Once Read Many (WORM) model.

Ways To Manage Retention

There are two ways to manage object retention in Amazon S3 with Object Lock:

  • Retention Period: A set period of time during which an object remains locked. You can set a default retention period on the S3 bucket and also set a retention period for any individual S3 object. During the retention period you cannot delete or overwrite an object. You can set the retention period in days or years. You can retain an object for a minimum of 1 day, and there is no limit on the maximum number of days.
  • Legal hold: Provides the same level of protection as a retention period but without an expiration date. Instead, a legal hold remains in place until you explicitly remove it.

S3 Object Lock only works on buckets that have S3 Versioning enabled.


Retention Modes

There are two retention modes for managing objects.

  • Governance mode: In governance mode, users are unable to overwrite or delete an object version, or modify its Object Lock settings, unless they have specific permissions.

You can use this mode if you want to prevent most users from deleting S3 objects, but at the same time want to allow certain users to modify retention settings or remove the objects if needed.

  • Compliance mode: In compliance mode, no user, including the root user of your AWS account, can overwrite or delete a protected object version. Once an object is locked in compliance mode, its retention mode cannot be altered.

Steps to Configure S3 Object Lock Using Retention Period in Governance Mode

  • Create an S3 bucket with a unique name (demo-object-lock-2024).

  • In the bucket properties, find Bucket Versioning, then edit it and enable versioning.

  • In the bucket properties, find Object Lock, then edit and enable it. Enable default retention, select the preferred default retention mode (governance or compliance), enter the default retention period in the text box, and select either days or years.

  • Let’s upload some objects to the S3 bucket and confirm that everything is functioning correctly.

  • Let’s review the Object Lock properties under the Properties tab for one of the objects, ‘nature.jpg’, which we uploaded on September 13, 2024.

  • The object has been locked with a “Retain until” date of September 14, 2024, which is 1 day from the upload date.
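The walkthrough's result and the retention rules described above can be modelled offline. The following is an added example, not code from CloudThat or AWS: the function names and the upload time of day are assumptions, and the governance override it checks is the `s3:BypassGovernanceRetention` permission together with the `x-amz-bypass-governance-retention` request header, which the post refers to only as "specific permissions".

```python
from datetime import datetime, timedelta, timezone

# Same shape as the ObjectLockConfiguration document accepted by the S3
# PutObjectLockConfiguration API; values mirror the walkthrough (governance, 1 day).
DEFAULT_LOCK = {
    "ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 1}},
}

def apply_default_retention(uploaded_at, lock_config):
    """Return (mode, retain_until) that a new object version inherits from the bucket default."""
    rule = lock_config["Rule"]["DefaultRetention"]
    return rule["Mode"], uploaded_at + timedelta(days=rule["Days"])

def delete_version_allowed(now, mode, retain_until, legal_hold=False,
                           has_bypass_permission=False, sent_bypass_header=False):
    """Model whether permanently deleting one locked object *version* is allowed.

    A DELETE without a version ID only adds a delete marker and is not modelled here.
    """
    if legal_hold:               # no expiry: blocks until the hold is explicitly removed
        return False
    if now >= retain_until:      # retention period has elapsed
        return True
    if mode == "COMPLIANCE":     # nobody, including the root user, can delete early
        return False
    if mode == "GOVERNANCE":     # early delete needs the permission AND the explicit header
        return has_bypass_permission and sent_bypass_header
    raise ValueError(f"unknown retention mode: {mode}")

if __name__ == "__main__":
    # Constructed sample: nature.jpg uploaded on 13 Sep 2024 (time of day assumed).
    uploaded = datetime(2024, 9, 13, 10, 0, tzinfo=timezone.utc)
    mode, until = apply_default_retention(uploaded, DEFAULT_LOCK)
    print("mode:", mode, "retain until:", until.isoformat())
    later = uploaded + timedelta(hours=2)
    print("ordinary user:", delete_version_allowed(later, mode, until))
    print("bypass user:", delete_version_allowed(later, mode, until,
                                                 has_bypass_permission=True,
                                                 sent_bypass_header=True))
```

When auditing IAM policies, treat any principal holding `s3:BypassGovernanceRetention` as able to shorten or remove governance-mode protection.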


About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner and many more.
