What is a branch bucket?

Contributors netapp-lhalbert netapp-perveilerk

A branch bucket provides access to objects in a bucket as they existed at a certain time.

You create a branch bucket from an existing bucket. After you create a branch bucket, the original bucket it was created from is called the base bucket. Additionally, you can create a branch bucket from another branch bucket.

A branch bucket provides access to protected data, but doesn't serve as a backup. To continue to protect data, use these features on base buckets:

Note the following characteristics of branch buckets:

  • You can access the objects in branch buckets by using S3 Console to download objects.

  • When clients access objects in a branch bucket, the branch bucket's access policies, rather than the policies of the base bucket, determine whether access is granted or denied.

  • Objects created in a base bucket are evaluated based on how ILM rules apply to the base bucket. Objects created in a branch bucket are evaluated based on how ILM rules apply to the branch bucket.

  • Cross-grid replication isn't supported for branch buckets.

  • Platform services aren't supported for branch buckets.

Examples for branch bucket usage

  • You can use a branch bucket to remove corrupt objects by creating a branch bucket from a point in time before the corruption occurred, and then pointing applications to the branch bucket instead of to the base bucket that contains corrupt objects.

  • You're saving data in a versioned bucket. There was an accidental vulnerability that caused many unwanted objects to be ingested after time T. You can create a branch bucket for the Before time value, T, and redirect client operations to that branch bucket. Then, only objects ingested earlier than the Before time T are exposed to clients.

Operations on objects in branch buckets

  • A PUT object operation on a branch bucket creates an object in the branch.

  • A GET object operation on a branch bucket retrieves an object from the branch. If the object doesn't exist in the branch bucket, the object is retrieved from the base bucket.

  • Object deletions from branch buckets occur as follows:

    | Operation | Target | Result | Object visibility in base bucket | Object visibility in branch bucket |
    |---|---|---|---|---|
    | Delete without version ID | Base bucket | Delete marker is created only for the base bucket | HEAD/GET returns Object doesn't exist, but specific versions can still be accessed | HEAD/GET returns Object exists, and specific versions can still be accessed. The delete marker would have been created after the branch bucket's beforeTime. |
    | Delete with version ID | Base bucket | Specific object version is deleted for both base and branch bucket | HEAD/GET returns Object version doesn't exist | HEAD/GET returns Object version doesn't exist |
    | Delete without version ID | Branch bucket | Delete marker is created only for the branch bucket | HEAD/GET returns object (base bucket object not affected) | HEAD/GET returns Object doesn't exist |
    | Delete with version ID | Branch bucket | Specific object version is deleted only for branch bucket | HEAD/GET returns specific object version (base bucket object not affected) | HEAD/GET returns Object version doesn't exist |
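
The PUT, GET, and delete rules above can be checked against a small in-memory model. This is an added example, not StorageGRID code or its API: the `Bucket` class, the `hidden` set, the logical clock, and the `v<n>` version IDs are all assumptions made for illustration, and `None` stands for "doesn't exist".

```python
import itertools

_clock = itertools.count(1)  # logical clock standing in for ingest timestamps

class Bucket:
    def __init__(self, base=None, before_time=None):
        self.base, self.before_time = base, before_time
        self.own = {}        # key -> [(version_id, time, data)]; data None = delete marker
        self.hidden = set()  # inherited version IDs deleted in this branch only

    def _all(self, key):
        inherited = []
        if self.base is not None:  # branch: see base versions older than before_time
            inherited = [v for v in self.base._all(key)
                         if v[1] < self.before_time and v[0] not in self.hidden]
        return inherited + self.own.get(key, [])

    def put(self, key, data):
        t = next(_clock)
        self.own.setdefault(key, []).append((f"v{t}", t, data))
        return f"v{t}"

    def get(self, key, version_id=None):
        versions = self._all(key)
        if version_id is not None:
            versions = [v for v in versions if v[0] == version_id]
        return versions[-1][2] if versions else None  # None: "doesn't exist"

    def delete(self, key, version_id=None):
        if version_id is None:
            self.put(key, None)  # delete marker, recorded in this bucket only
        elif any(v[0] == version_id for v in self.own.get(key, [])):
            self.own[key] = [v for v in self.own[key] if v[0] != version_id]
        else:
            self.hidden.add(version_id)  # inherited version: removed from this branch's view

def branch(base):
    return Bucket(base=base, before_time=next(_clock))  # before_time = "now"

def table_rows():  # (base GET, branch GET) after each delete, in the table's row order
    rows = []
    for target, by_version in itertools.product(("base", "branch"), (False, True)):
        base = Bucket()
        vid = base.put("k", "data")
        br = branch(base)
        arg = vid if by_version else None
        (br if target == "branch" else base).delete("k", arg)
        rows.append((base.get("k", arg), br.get("k", arg)))
    return rows
```

`table_rows()` returns one `(base GET, branch GET)` pair per table row, so a mismatch between an application's assumptions and the documented visibility rules shows up as a differing pair.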