Requirements for S3 Object Lock

Before enabling S3 Object Lock for a bucket, review the requirements for S3 Object Lock buckets and objects and the lifecycle of objects in buckets with S3 Object Lock enabled.

Requirements for buckets with S3 Object Lock enabled

Requirements for objects in buckets with S3 Object Lock enabled

Lifecycle of objects in buckets with S3 Object Lock enabled

Each object that is saved in a bucket with S3 Object Lock enabled goes through three stages:

  1. Object ingest
    • When adding an object version to a bucket with S3 Object Lock enabled, the S3 client application can optionally specify retention settings for the object (retain-until-date, legal hold, or both). StorageGRID then generates metadata for that object, which includes a unique object identifier (UUID) and the ingest date and time.
    • After an object version with retention settings is ingested, its data and S3 user-defined metadata cannot be modified.
    • StorageGRID stores the object metadata independently of the object data. It maintains three copies of all object metadata at each site.
  2. Object retention
    • StorageGRID stores multiple copies of the object. The compliant rules in the active ILM policy determine the exact number and type of copies and their storage locations.
  3. Object deletion
    • An object can be deleted when its retain-until-date is reached.
    • An object that is under a legal hold cannot be deleted.
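
The retention settings from the ingest stage and the deletion rules above, sketched as an added example that is not part of the original StorageGRID documentation. The header names are those of the standard S3 Object Lock API; the COMPLIANCE mode value, the sample dates, and the treatment of a version with no retention settings as deletable (no bucket default retention) are assumptions.

```python
from datetime import datetime, timezone

STAMP = "%Y-%m-%dT%H:%M:%SZ"  # timestamp layout used for retain-until-date


def ingest_headers(retain_until=None, legal_hold=False, mode="COMPLIANCE"):
    """Build the optional retention headers a client sends when adding a version.

    Either setting may be given alone, both together, or neither.
    """
    headers = {}
    if retain_until is not None:
        if retain_until.tzinfo is None:
            # A naive datetime would be ambiguous about when retention ends.
            raise ValueError("retain-until-date must be timezone-aware")
        # In the S3 API the lock mode and retain-until-date are sent together.
        headers["x-amz-object-lock-mode"] = mode
        headers["x-amz-object-lock-retain-until-date"] = (
            retain_until.astimezone(timezone.utc).strftime(STAMP))
    if legal_hold:
        headers["x-amz-object-lock-legal-hold"] = "ON"
    return headers


def deletion_status(headers, now):
    """Return (deletable, reason) for one object version at time `now`."""
    # A legal hold blocks deletion even after the retain-until-date has passed.
    if headers.get("x-amz-object-lock-legal-hold") == "ON":
        return False, "legal hold"
    until = headers.get("x-amz-object-lock-retain-until-date")
    if until is not None:
        until_dt = datetime.strptime(until, STAMP).replace(tzinfo=timezone.utc)
        if now < until_dt:
            return False, "retained until " + until
    # Assumption: no retention settings and no bucket default retention.
    return True, "no active retention"


if __name__ == "__main__":
    # Constructed sample versions, checked at a constructed audit time.
    end = datetime(2030, 1, 1, tzinfo=timezone.utc)
    audit_time = datetime(2031, 6, 1, tzinfo=timezone.utc)
    samples = {
        "retention only": ingest_headers(retain_until=end),
        "retention + legal hold": ingest_headers(retain_until=end, legal_hold=True),
        "legal hold only": ingest_headers(legal_hold=True),
        "no settings": ingest_headers(),
    }
    for name, hdrs in samples.items():
        print(name, deletion_status(hdrs, audit_time))
```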