What is a branch bucket?
Suggest changes
PDFs
A branch bucket provides access to objects in a bucket as they existed at a certain time.
You create a branch bucket from an existing bucket. After you create a branch bucket, the original bucket it was created from is called the base bucket. Additionally, you can create a branch bucket from another branch bucket.
A branch bucket provides access to protected data, but doesn't serve as a backup. To continue to protect data, use these features on base buckets:
-
Cross-grid replication for base buckets
-
Bucket policies for versioned buckets to clean up old object versions
Note the following characteristics of branch buckets:
-
You can access the objects in branch buckets by using S3 Console to download objects.
-
When clients access objects in a branch bucket, the branch bucket's access policies, rather than the policies of the base bucket, determine whether access is granted or denied.
-
Objects created in a base bucket are evaluated based on how ILM rules apply to the base bucket. Objects created in a branch bucket are evaluated based on how ILM rules apply to the branch bucket.
-
Cross-grid replication isn't supported for branch buckets.
-
Platform services aren't supported for branch buckets.
Examples for branch bucket usage
-
You can use a branch bucket to remove corrupt objects by creating a branch bucket from a point in time before the corruption occurred, and then pointing applications to the branch bucket instead of to the base bucket that contains corrupt objects.
-
You're saving data in a versioned bucket. There was an accidental vulnerability that caused many unwanted objects to be ingested after time T. You can create a branch bucket for the Before time value, T, and redirect client operations to that branch bucket. Then, only objects ingested earlier than the Before time T are exposed to clients.
Operations on objects in branch buckets
-
A PUT object operation on a branch bucket creates an object in the branch.
-
A GET object operation on a branch bucket retrieves an object from the branch. If the object doesn't exist in the branch bucket, the object is retrieved from the base bucket.
-
Object deletions from branch buckets occur as follows:
Operation Target Result Object visibility in base bucket Object visibility in branch bucket Delete without version ID
Base bucket
Delete marker is created only for the base bucket
HEAD/GET returns Object doesn't exist, but specific versions can still be accessed
HEAD/GET returns Object exists, and specific versions can still be accessed
The delete marker would have been created after the branch bucket's
beforeTime.Delete with version ID
Base bucket
Specific object version is deleted for both base and branch bucket
HEAD/GET returns Object version doesn't exist
HEAD/GET returns Object version doesn't exist
Delete without version ID
Branch bucket
Delete marker is created only for the branch bucket
HEAD/GET returns object (base bucket object not affected)
HEAD/GET returns Object doesn't exist
Delete with version ID
Branch bucket
Specific object version is deleted only for branch bucket
HEAD/GET returns specific object version (base bucket object not affected)
HEAD/GET returns Object version doesn't exist
Also refer to How S3 versioned objects are deleted.