09. AWS S3 Object Lock (With Video Demo) 🐛 ⛈ 📂🔏

While I worked at AWS during the publishing of this post / video, the views expressed here are my own and may not reflect those of my employer. Only publicly available material is used to put together the content of this article and video. The website and the YouTube videos are NOT monetized.

You can scroll down directly to the YouTube video; the instructions used in the video are provided at the end of this article.

WORM (not 🐛) - stands for Write Once Read Many times

As per Wikipedia -

WORM or Write Once Read Many (WORM) describes a data storage device in which information, once written, cannot be modified. This write protection affords the assurance that the data cannot be tampered with once it is written to the device.

Your hard drive, for example, is NOT a WORM device, although if you only allowed read permissions on a file or directory, that would in effect create a WORM file.

If you are old enough to have used CD-ROMs, they were WORM devices (not the rewritable ones, though).

Anyway, why would you use the WORM model for your files?

Here are some good reasons:

  1. Some files, such as log files, should never be rewritten or updated
  2. Legal requirements to retain / keep the original copies of the data
  3. Compliance - you need to maintain files for a specified period, e.g. for PCI DSS requirements
  4. Data protection while enabling read access

AWS S3 powers many AWS customers' data lakes, and it offers several options for locking your objects.

  1. Legal Hold - Soft lock on objects that can be lifted with the right permissions
  2. Retention lock in Governance Mode - Same as Legal Hold but with a date
  3. Retention lock in Compliance Mode - Object versions cannot be deleted or overwritten by anyone, including the AWS root account.

This may sound a little confusing or daunting but with a detailed video demo - I have tried to explain all these options.

Check it out.

DEMO | AWS S3 | S3 Object Lock

Please watch in full screen or on YouTube directly



Command used in the video

Linux / Mac / Windows (run with git bash) -

# Delete a specific version of an S3 Object
aws s3api delete-object --bucket <object_lock> --key <file_name> --version-id <version_id>
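
A small model of how the three lock types decide the outcome of the `delete-object --version-id` call above, added here as an example (it is not from the video or from AWS). The function name, the `bypass_governance` flag and the sample JSON are constructed; the JSON follows the shape of `aws s3api get-object-retention` and `get-object-legal-hold` output.

```python
import json
from datetime import datetime, timezone

def parse_ts(value):
    # AWS prints ISO 8601; older Python versions reject a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def version_delete_outcome(retention_json, legal_hold_json, now, bypass_governance=False):
    """Return (allowed, reason) for a delete that names a version id.

    bypass_governance models a caller that holds s3:BypassGovernanceRetention
    and passes --bypass-governance-retention on the delete (assumed flag name
    for this model). Pass None where the object has no retention / hold set.
    """
    hold = json.loads(legal_hold_json).get("LegalHold", {}) if legal_hold_json else {}
    if hold.get("Status") == "ON":
        # A legal hold has no date; it blocks deletes until someone lifts it.
        return False, "legal hold is ON; lift it first"
    ret = json.loads(retention_json).get("Retention", {}) if retention_json else {}
    mode = ret.get("Mode")
    if mode is None:
        return True, "no retention set"
    if now >= parse_ts(ret["RetainUntilDate"]):
        return True, "retention period has expired"
    if mode == "COMPLIANCE":
        return False, "compliance retention active; nobody, root included, can delete"
    if mode == "GOVERNANCE" and bypass_governance:
        return True, "governance retention bypassed with explicit permission"
    return False, "governance retention active"

# Constructed sample responses, not taken from a real bucket.
GOVERNANCE = '{"Retention": {"Mode": "GOVERNANCE", "RetainUntilDate": "2030-01-01T00:00:00+00:00"}}'
COMPLIANCE = '{"Retention": {"Mode": "COMPLIANCE", "RetainUntilDate": "2030-01-01T00:00:00Z"}}'
HOLD_ON = '{"LegalHold": {"Status": "ON"}}'
HOLD_OFF = '{"LegalHold": {"Status": "OFF"}}'
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    cases = [
        ("governance, no bypass", GOVERNANCE, HOLD_OFF, False),
        ("governance, bypass", GOVERNANCE, HOLD_OFF, True),
        ("compliance, bypass", COMPLIANCE, HOLD_OFF, True),
        ("governance + legal hold, bypass", GOVERNANCE, HOLD_ON, True),
        ("legal hold only", None, HOLD_ON, False),
    ]
    for name, ret, hold, bypass in cases:
        print(name, "->", version_delete_outcome(ret, hold, NOW, bypass))
```

A delete without `--version-id` is not covered by this model: in a versioned bucket it only adds a delete marker and leaves the locked version in place.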

Also you can read more about S3 Object Lock here

Thank you for reading through. Please share if it’s useful to someone.

-Nikhil
