- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
A retention period protects an object version for a fixed amount of time. When you place a retention period on an object version, Amazon S3 stores a timestamp in the object version's metadata to indicate when the retention period expires. After the retention period expires, the object version can be overwritten or deleted.
With Object Lock, you can also place a legal hold on an object version. Like a retention period, a legal hold prevents an object version from being overwritten or deleted. However, a legal hold doesn't have an associated fixed amount of time and remains in effect until removed. Legal holds can be freely placed and removed by any user who has the s3:PutObjectLegalHold permission.
Suppose that you place a legal hold on an object version and that object version is also protected by a retention period. If the retention period expires, the object doesn't lose its WORM protection. Rather, the legal hold continues to protect the object until an authorized user explicitly removes the legal hold. Similarly, if you remove a legal hold while an object version has a retention period in effect, the object version remains protected until the retention period expires. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html
The legal hold will hold it until someone releases that has the correct level of access. If you retain an object then after it expires anyone with DeleteObject can delete the object. But if a legal hold is in place, no one even with delete can remove an object. Grant PutObjectLegalHold to a limited number of individuals.
If you are in a legal mitigation/court case you place the object on Legal Hold until such case the lawyers release it etc.
The difference between the two is whether the retention period is fixed.
The retention period of data is usually determined by the organization's rules, so the Retention Period is used.
The following blog article may be helpful.
https://aws.amazon.com/jp/blogs/storage/protecting-data-with-amazon-s3-object-lock/
Contenuto pertinente
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa