Skip to main content

Workflow for S3 Object Lock


As a grid administrator, you must coordinate closely with tenant users to ensure that the objects are protected in a manner that satisfies their retention requirements.

The workflow diagram shows the high-level steps for using S3 Object Lock. These steps are performed by the grid administrator and by tenant users.

S3 Object Lock workflow for Grid Manager

Grid admin tasks

As the workflow diagram shows, a grid administrator must perform two high-level tasks before S3 tenant users can use S3 Object Lock:

  1. Create at least one compliant ILM rule and make that rule the default rule in the active ILM policy.

  2. Enable the global S3 Object Lock setting for the entire StorageGRID system.

Tenant user tasks

After the global S3 Object Lock setting has been enabled, tenants can perform these tasks:

  1. Create buckets that have S3 Object Lock enabled.

  2. Optionally, specify default retention settings for the bucket. Any default bucket settings are applied only to new objects that don't have their own retention settings.

  3. Add objects to those buckets and optionally specify object-level retention periods and legal hold settings.

  4. As required, update default retention for the bucket or update the retention period or the legal hold setting for an individual object.