AWS

3 Mins Read

Protecting S3 Data with Object Lock

Voiced by Amazon Polly

Introduction to Amazon S3

Amazon S3 is a highly available, durable and secure service where organizations can store there any amount of data. Some businesses have requirement to protect data from deletion and overwritten for a fixed amount of time or indefinitely.

Object Lock feature of Amazon S3 allows organization to easily protect their data from deletion and overwritten. This feature allows organization to store their object using a Write Once Read Many (WORM) models.

Customized Cloud Solutions to Drive your Business Success

  • Cloud Migration
  • Devops
  • AIML & IoT
Know More

Ways To Manage Retention

There are two ways to manage object retention in Amazon S3 with object lock:

  • Retention Period: It is a set period of time during which an object remains locked. On S3 bucket you can set default retention period and also set retention period for any individual S3 object. During the retention period you cannot delete or overwritten an object. You can set retention period in days or years. You can retain an object for minimum 1 day and there is no limit for maximum days.
  • Legal hold: It is also providing same level of protection as retention period but without an expiration date. Instead, legal hold exists in place until you explicitly remove it.

S3 object Lock only works on the buckets that have S3 versioning enabled.

Retention Modes

There are two types of retention mode to manage objects.

  • Governance mode: In governance mode, the users are unable to overwrite, delete an object version, or modify its object lock settings unless they have specific permissions.

You can use this mode, if you want to prevent most of the users from deleting an S3 objects, but at the same time you want to allow certain users to modify retention settings or remove the objects if needed.

  • Compliance mode: In compliance mode, no user, including the root user of your AWS account, can overwrite or delete a protected object version. Once an object is locked in compliance mode, its retention mode cannot be altered.

Steps to Configure S3 Object Lock Using Retention Period in Governance Mode

  • Create a S3 bucket with unique name (demo-object-lock-2024).

 

  • In bucket properties find Bucket Versioning, edit and enable versioning by following below steps

 

  • In bucket properties find Object Lock then edit & enable it, enable default retention, select preferred default retention mode governance or compliance, write default retention period in textbox and select either days or year by following below steps

  • Let’s upload some objects in S3 bucket and confirm that everything is functioning correctly.

  • Let’s review the Object Lock properties under the Properties tab for one of the objects, ‘nature.jpg’ that we uploaded on date of September 13, 2024.

  • The object has been locked with a “Retain until” date of September 14, 2024, which is 1 day from the upload date.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

  • Cloud Training
  • Customized Training
  • Experiential Learning
Read More

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training PartnerAWS Migration PartnerAWS Data and Analytics PartnerAWS DevOps Competency PartnerAWS GenAI Competency PartnerAmazon QuickSight Service Delivery PartnerAmazon EKS Service Delivery Partner AWS Microsoft Workload PartnersAmazon EC2 Service Delivery PartnerAmazon ECS Service Delivery PartnerAWS Glue Service Delivery PartnerAmazon Redshift Service Delivery PartnerAWS Control Tower Service Delivery PartnerAWS WAF Service Delivery Partner and many more.

To get started, go through our Consultancy page and Managed Services PackageCloudThat’s offerings.

WRITTEN BY Avinash Singh Bundela

Share

PREV

NEXT

Comments

    Click to Comment

Related Resources

Cloud Computing, DevOps

Streamline DevOps with Nexus Repository Setup and Integration

By Lavin Kumar

Nov 14, 2024

Microsoft Dynamics 365

Top 5 Admin and Configuration Tips for Dynamics 365

By Krishna Vishvnath Kendre

Nov 13, 2024

Microsoft Dynamics 365

How Dynamics 365 Empowers Field Service Management: Best Practices

By Krishna Vishvnath Kendre

Nov 13, 2024

Azure

How to Migrate MySQL server from On-premises to Azure

By Sangeetha S

Nov 8, 2024

Azure

Introduction to Azure Data Migration Service (DMS)

By Sangeetha S

Nov 8, 2024

Microsoft Dynamics 365

Revolutionizing Business Efficiency with AI-Driven Insights in Dynamics 365

By Mohan Unkal

Nov 8, 2024

DevOps, Docker

How to Containerize and Deploy a Full-Stack Application Using

By Sruti Samatkar

Nov 7, 2024

Azure

Simplifying Identity Management: Pass-Through Authentication and Seamless Single Sign-On

By Rahulkumar Shrimali

Nov 7, 2024

AWS

End User Computing: Secure, Scalable, and Essential for the

By Nitin Kamble

Nov 7, 2024

Power Platforms

Enhance Your Power Automate Workflows with Expressions

By Beena S Rai

Nov 7, 2024

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!