By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can the retention period of the object be shorter than the lock periods of the bucket?

0

I created a bucket and put governance lock with 5 days of lock. I put the object obj1 in the bucket with 3 days of the lock. Can it be possible?

Topics
Storage
Tags
Amazon Simple Storage Service
Language
English
Saurav
asked a month ago303 views
1 Answer
1

Yes, it is possible !

Objects in the bucket can have their own retention mode as well as retention period regardless of the default bucket's object lock mode and retention.

It has been miss understood quite often that bucket object lock settings governs like a minimum lock protection which is not true. Bucket level lock settings comes in the picture to apply the settings to the objects that are being PUT without any object lock mode/retention.

See this practical test.

I am creating an object in a bucket whose object lock default retention is 40 days,  through  PUT CLI I am trying to retain it only for few hours until 05/09 00:00:00.

[ec2-user@ip-172-16-1-92 ~]$ aws s3api get-object-lock-configuration --bucket test-lock-ben-01
{
    "ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {
            "DefaultRetention": {
                "Mode": "COMPLIANCE",
                "Days": 40
            }
        }
    }
}
[ec2-user@ip-172-16-1-92 ~]$ aws s3api put-object --body sar.1 --bucket test-lock-ben-01 --key lock-test-100 --object-lock-mode COMPLIANCE --object-lock-retain-until-date "2024-05-09T00:00:00"
{
    "ETag": "\"626b94292be9fbf54b5921f137de1356\"",
    "ServerSideEncryption": "AES256",
    "VersionId": "J871Kx7Mza5IKbe9pntl8VhMbeAX1dPp"
}
[ec2-user@ip-172-16-1-92 ~]$ 
[ec2-user@ip-172-16-1-92 ~]$ aws s3api get-object-retention --bucket test-lock-ben-01 --key lock-test-100
{
    "Retention": {
        "Mode": "COMPLIANCE",
        "RetainUntilDate": "2024-05-09T00:00:00+00:00"
    }
}

Now I am putting an object without any object lock option, this will automatically be locked for 40 days.

[ec2-user@ip-172-16-1-92 ~]$ aws s3api put-object --body sar.1 --bucket test-lock-ben-01 --key lock-test-101
{
    "ETag": "\"626b94292be9fbf54b5921f137de1356\"",
    "ServerSideEncryption": "AES256",
    "VersionId": "VMsAa_PxtV7xgGHHb8jKznZWSuIHFvVs"
}
[ec2-user@ip-172-16-1-92 ~]$ aws s3api get-object-retention --bucket test-lock-ben-01 --key lock-test-101
{
    "Retention": {
        "Mode": "COMPLIANCE",
        "RetainUntilDate": "2024-06-17T16:37:54.272000+00:00"
    }
}

Not only retention period of an object can be shorter or longer than the bucket level lock settings infact the lock mode can also be differ. Like in this example my bucket lock mode is COMPLIANCE but objects can be put with GOVERNANCE mode as well.

AWS
razguru
answered a month ago
profile picture
EXPERT
GK
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content