Secure Objects in an S3 Bucket
Learn how to secure objects in S3 buckets against deletion for compliance and governance purposes.
S3 offers multiple ways to secure objects in the bucket by either restricting objects in the bucket or applying a standardized security pattern on all of the objects. Let’s dive to learn multiple ways we can protect objects stored in our bucket.
S3 Object Locks
S3 Object Locks prevent overwriting or deletion of an object. It is based on the WORM (write-one-read-many) model. Object Locks only work on versioning-enabled S3 buckets. We can lock a specific object version, which associates the lock information with the metadata of the version.
Object Lock provides two ways to manage the retention: retention period and legal holds.
Retention period
We lock the object for a specified amount of time. We can set up a unique or default object retention period on a bucket. Furthermore, we can set up maximum and minimum allowed retention periods using the s3:object-lock-remaining-retention-days
condition key in the bucket policy. This ensures that users can only specify ...