
Does an object lock in S3 help prevent an object from being overwritten?

I am currently analyzing the S3 Object Lock feature, and AWS specifies the following:

S3 Object Lock is used to prevent an object from being deleted or overwritten for a fixed amount of time or indefinitely

But AWS also specifies that users must enable Versioning to use Object Lock.

If Versioning is enabled, overwriting of objects can't be done by default, as it always creates a newer version every time. How then does Object Lock in S3 help prevent an object from being overwritten? Am I missing something here?

kavin asked Jun 24 '19 12:06


1 Answer

From Locking Objects Using Amazon S3 Object Lock - Amazon Simple Storage Service:

Amazon S3 Object Lock works only in versioned buckets, and retention periods and legal holds apply to individual object versions. When you lock an object version, Amazon S3 stores the lock information in the metadata for that object version. Placing a retention period or legal hold on an object protects only the version specified in the request. It doesn't prevent new versions of the object from being created. If you put an object into a bucket that has the same key name as an existing, protected object, Amazon S3 creates a new version of that object, stores it in the bucket as requested, and reports the request as completed successfully. The existing, protected version of the object remains locked according to its retention configuration.

So, Object Lock does not prevent an object from being overwritten or a new version from being created. Only a specific version of the object is locked, which cannot be deleted. Other operations are permitted.

For example, I created an object and locked it with Legal Hold. I then renamed the object. This resulted in the addition of a Delete Marker and a new object was created with the changed name.

John Rotenstein answered Nov 15 '22 05:11
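
The behaviour quoted in the answer above, as a minimal in-memory model (an added example, not part of the original post and not AWS code). The class and method names are hypothetical, nothing here calls AWS, and only legal holds are modelled, not retention periods.

```python
# Simplified in-memory model of a versioned S3 bucket with legal holds.
# Constructed for illustration; names are hypothetical and no AWS call is made.
import itertools


class AccessDenied(Exception):
    """Raised when a locked object version would be permanently deleted."""


class VersionedBucket:
    def __init__(self):
        self._ids = itertools.count(1)
        self._versions = {}  # key -> list of version dicts, oldest first

    def _add(self, key, body, marker=False):
        vid = f"v{next(self._ids)}"
        self._versions.setdefault(key, []).append(
            {"id": vid, "body": body, "marker": marker, "legal_hold": False})
        return vid

    def put(self, key, body):
        # A PUT never touches existing versions; it stacks a new one on top.
        return self._add(key, body)

    def set_legal_hold(self, key, vid, on=True):
        self._find(key, vid)["legal_hold"] = on

    def get(self, key, vid=None):
        # Without a version ID, readers get the current (newest) version.
        v = self._find(key, vid) if vid else self._versions[key][-1]
        if v["marker"]:
            raise KeyError(f"{key}: current version is a delete marker")
        return v["body"]

    def delete(self, key, vid=None):
        if vid is None:
            # Simple delete: only adds a delete marker, so it always succeeds.
            return self._add(key, None, marker=True)
        v = self._find(key, vid)
        if v["legal_hold"]:
            raise AccessDenied(f"{key} version {vid} is under legal hold")
        self._versions[key].remove(v)
        return vid

    def _find(self, key, vid):
        return next(v for v in self._versions[key] if v["id"] == vid)
```

In this model a `put` over a held key changes what `get(key)` returns, while `get(key, vid)` on the held version still returns the original bytes. A consumer that must read the protected data therefore has to record and request the version ID rather than rely on the key alone.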