Skip to main content

S3 Object Lock tasks

Contributors netapp-lhalbert

As a grid administrator, you must coordinate closely with tenant users to ensure that the objects are protected in a manner that satisfies their retention requirements.

Note Applying tenant settings across the grid could take 15 minutes or longer based on network connectivity, node status, and Cassandra operations.

The following lists for grid administrators and tenant users contain the high-level tasks for using the S3 Object Lock feature.

Grid administrator
  • Enable global S3 Object Lock setting for entire StorageGRID system.

  • Ensure that information lifecycle management (ILM) policies are compliant; that is, they meet the requirements of buckets with S3 Object Lock enabled.

  • As needed, allow a tenant to use Compliance as the retention mode. Otherwise, only Governance mode is allowed.

  • As needed, set a maximum retention period for a tenant.

Tenant user
  • Review considerations for buckets and objects with S3 Object Lock.

  • As needed, contact grid administrator to enable global S3 Object Lock setting and set permissions.

  • Create buckets with S3 Object Lock enabled.

  • Optionally, configure default retention settings for a bucket:

    • Default retention mode: Governance or Compliance, if allowed by the grid administrator.

    • Default retention period: Must be less than or equal to maximum retention period set by grid administrator.

  • Use the S3 client application to add objects and optionally set object-specific retention:

    • Retention mode. Governance or Compliance, if allowed by the grid administrator.

    • Retain Until Date: Must be less than or equal to what is allowed by the maximum retention period set by grid administrator.