Object Lock & Retention
To enable this feature, object lock MUST be enabled at bucket creation time.
aws s3api create-bucket --bucket test-lock-v4 --object-lock-enabled-for-bucket --profile "*.telnyxstorage.com" --endpoint-url https://us-central-1.telnyxstorage.com
Confirm this is set properly.
aws s3api get-object-lock-configuration --bucket test-lock-v4 --profile "*.telnyxstorage.com" --endpoint-url https://us-central-1.telnyxstorage.com
{
"ObjectLockConfiguration": {
"ObjectLockEnabled": "Enabled"
}
}
Versioning is automatically enabled as a result.
s3-test % aws s3api get-bucket-versioning --bucket test-lock-v4 --profile "*.telnyxstorage.com" --endpoint-url https://us-central-1.telnyxstorage.com
{
"Status": "Enabled",
"MFADelete": "Disabled"
}
Upload an object.
aws s3api put-object --key my-object --body ~/Downloads/random-bytes --bucket test-lock-v4 --profile "*.telnyxstorage.com" --endpoint-url https://us-central-1.telnyxstorage.com
{
"ETag": "\"21074fc6c4a7aaee18b61bb235a9d372\"",
"VersionId": "Z.gwUKVtPQx9bqbfD4VTxv3SraZdUlF"
}
Now set the object retention policy.
aws s3api put-object-retention --bucket test-lock-v4 --key my-object --retention '{ "Mode": "GOVERNANCE", "RetainUntilDate": "2024-11-20T00:00:00" }' --profile "*.telnyxstorage.com" --endpoint-url https://us-central-1.telnyxstorage.com
And confirm it's set properly.
aws s3api get-object-retention --bucket test-lock-v4 --key my-object --profile "*.telnyxstorage.com" --endpoint-url https://us-central-1.telnyxstorage.com
{
"Retention": {
"Mode": "GOVERNANCE",
"RetainUntilDate": "2024-11-20T00:00:00+00:00"
}
}
Deleting the object produces an expected error.
aws s3api delete-object --bucket test-lock-v4 --key my-object --version-id "Z.gwUKVtPQx9bqbfD4VTxv3SraZdUlF" --profile "*.telnyxstorage.com" --endpoint-url https://us-central-1.telnyxstorage.com
An error occurred (AccessDenied) when calling the DeleteObject operation: forbidden by object lock
For additional information, please consult S3's API reference.