09. AWS S3 Object Lock (With Video Demo) 🐛 ⛈ 📂🔏
You can directly scroll down for the Youtube Video and Instructions used in the video are provided at the end of this article.
WORM (not 🐛) - stands for Write Once Read Many times
As per Wikipedia -
WORM or Write Once Read Many (WORM) describes a data storage device in which information, once written, cannot be modified. This write protection affords the assurance that the data cannot be tampered with once it is written to the device.
Your harddrive for example is NOT a WORM device. Although if you only allowed read permissions on a file or directory that in effect creates a WORM file.
If you are old enough to have used CD ROMS - they were WORM devices (not the rewrittable ones though.)
Anyways why would you use WORM model for your files?
Here are some good reasons
- For some files like log files which you never want to rewrite / update them
- Legal requirements to retain/ keep the original copies of the data
- Compliance - you need to maintain files for a specified period e.g. for PCI/DSS requirements
- Data protection while enabling read access
AWS S3 powers many of AWS’s customers data lakes. And AWS S3 offers various options for you to lock your objects.
- Legal Hold - Soft lock on objects that can be lifted with right permissions
- Retention lock in Goverence Mode - Same as Legal Hold but with a date
- Retention lock in Compliance Mode - Object versions cannot be deleted or overwritten by anyone including the AWS root account.
This may sound a little confusing or daunting but with a detailed video demo - I have tried to explain all these options.
Check it out.
DEMO | AWS S3 | S3 Object Lock
Please watch in full screen or on youtube directly
Command used in the video
Linux / Mac / Windows (run with git bash) -
# Delete a specific version of an S3 Object aws s3api delete-object --bucket <object_lock> --key <file_name> --version-id <version_id>
Also you can read more about S3 Object Lock here
Thank you for reading through, Please share if it’s useful to someone.