Update S3 Object Lock default retention

08/08/2024 Contributors

If you enabled S3 Object Lock when you created the bucket, you can edit the bucket to change the default retention settings. You can enable (or disable) default retention and set a default retention mode and retention period.

Before you begin

You are signed in to the Tenant Manager using a supported web browser.
You belong to a user group that has the Manage all buckets or Root access permission. These permissions override the permissions settings in group or bucket policies.
S3 Object Lock is enabled globally for your StorageGRID system, and you enabled S3 Object Lock when you created the bucket. See Use S3 Object Lock to retain objects.

Steps

Select View buckets from the dashboard, or select STORAGE (S3) > Buckets.
Select the bucket name from the table.

The bucket details page appears.
From the Bucket options tab, select the S3 Object Lock accordion.
Optionally, enable or disable Default retention for this bucket.

Changes to this setting don't apply to objects already in the bucket or to any objects that might have their own retention periods.

If Default retention is enabled, specify a Default retention mode for the bucket.

Default retention mode Description

Default retention mode	Description
Governance	Users with the `s3:BypassGovernanceRetention` permission can use the `x-amz-bypass-governance-retention: true` request header to bypass retention settings. These users can delete an object version before its retain-until-date is reached. These users can increase, decrease, or remove an object's retain-until-date.
Compliance	The object can't be deleted until its retain-until-date is reached. The object's retain-until-date can be increased, but it can't be decreased. The object's retain-until-date can't be removed until that date is reached. Note: Your grid administrator must allow you to use compliance mode.

Governance

Users with the s3:BypassGovernanceRetention permission can use the x-amz-bypass-governance-retention: true request header to bypass retention settings.
These users can delete an object version before its retain-until-date is reached.
These users can increase, decrease, or remove an object's retain-until-date.

Compliance

The object can't be deleted until its retain-until-date is reached.
The object's retain-until-date can be increased, but it can't be decreased.
The object's retain-until-date can't be removed until that date is reached.

Note: Your grid administrator must allow you to use compliance mode.

If Default retention is enabled, specify the Default retention period for the bucket.

The Default retention period indicates how long new objects added to this bucket should be retained, starting from the time they are ingested. Specify a value that is less than or equal to the maximum retention period for the tenant, as set by the grid administrator.

A maximum retention period, which can be a value from 1 day to 100 years, is set when the grid administrator creates the tenant. When you set a default retention period, it can't exceed the value set for the maximum retention period. If needed, ask your grid administrator to increase or decrease the maximum retention period.
Select Save changes.

Update S3 Object Lock default retention

Creating your file...