Versioning, Object Lock, and lifecycle

Three features control how objects change and how long they live: versioning, Object Lock, and lifecycle rules.

Versioning

With versioning on, overwriting or deleting an object keeps the previous version rather than discarding it. You can list versions and restore an earlier one. This is the basis for recovering from accidental changes and from tampering.

Object Lock (immutability)

Object Lock makes an object write-once for a retention period. While the lock is in force, the object cannot be overwritten or deleted.

  • Governance mode protects objects but lets users with a specific permission adjust the lock.

  • Compliance mode prevents anyone, including administrators, from deleting the object or shortening its retention before the period ends.

Enable Object Lock when you create a bucket; it turns on versioning automatically.

Lifecycle rules

Lifecycle rules act on objects automatically over time, for example expiring objects after a number of days. Use them to keep buckets tidy and to enforce retention windows.

Object Lock and lifecycle interact: a lifecycle rule cannot delete an object whose Object Lock retention has not expired. Plan the two together.