Configuration of Object Storage Repository with Immutability in Amazon S3

Configuration of Object Storage Repository with Immutability in Amazon S3

KB ID: 190021
Objective:
This guide provides step-by-step instructions for configuring an Object Storage Repository with Immutability in Amazon S3 by enabling Object Locking on a bucket. Immutability ensures that objects within the bucket cannot be deleted or altered within a specified retention period.
Prerequisites:
  1. AWS account with the necessary permissions.
  2. Access to the AWS S3 console or AWS Command Line Interface (CLI).
Steps:
1. Enable Versioning:
  1. Open the AWS S3 console or use the AWS CLI.
  2. Navigate to the desired S3 bucket.
  3. Select the "Properties" tab.
  4. Under "Advanced settings," enable versioning.
2. Enable Object Locking:
    In the S3 console or using the AWS CLI:
  1. Navigate to the bucket properties.
  2. Under "Object Lock," enable Object Locking.
  3. Choose the desired retention settings or leave it unset for manual configuration.
3. Do Not Configure Default Retention Modes:
When enabling Object Locking, ensure that no default retention modes are configured unless specific retention requirements exist.
4. Create an S3 Bucket:
     If the bucket does not exist:
  1. In the AWS S3 console, click "Create bucket."
  2. Follow the prompts to configure the bucket, enabling versioning and Object Locking.
5. Additional Required Permissions:
    Grant the following IAM permissions to the user or role interacting with the S3 bucket:
  1. s3:GetBucketObjectLockConfiguration
  2. s3:GetObjectLegalHold
  3. s3:GetObjectRetention
  4. s3:PutBucketObjectLockConfiguration
  5. s3:PutObjectRetention
6. Reference Documentation:
For detailed information, refer to the official AWS documentation on Amazon S3 Object Lock Configuration
Note: Enable Object Locking for an Existing Bucket:
   - If the bucket already exists and Object Locking needs to be enabled:
     - Follow steps 1 and 2 for the existing bucket without creating a new one.
     - Adjust permissions and refer to the AWS documentation for any additional considerations.
Conclusion:
Following these steps ensures the successful configuration of an Object Storage Repository with Immutability in Amazon S3 by enabling Object Locking on the specified bucket. It is crucial to review and understand the AWS documentation for any updates or additional features related to Object Locking.

    • Related Articles

    • Configuring Immutable Storage with Object Storage Repository

      KB ID: 190027 Objective: This KB article provides step-by-step guidance on configuring an Object Storage Repository as Immutable Storage in Amazon S3 and S3-compatible clouds. This involves enabling Object Locking and implementing the required IAM ...
    • Object Storage Repository - Introduction

      In this section, you will find information about object storage, its limitations if any and the process of configuring it as your backup storage using the BDRSuite Backup Server. What is object storage? Object storage is a data storage architecture ...
    • Configuring Object Storage Repository as Immutable Storage

      KB ID: 190026 Overview: Configuring an Object Storage Repository as Immutable Storage requires specific permissions to be granted. This article delineates the essential permissions and presents the JSON format of an IAM user policy necessary for ...
    • Configuring Amazon S3 as Backup Repository

      BDRSuite offers support for storing backup data on an Amazon S3 bucket, utilizing it as an object storage type repository. With this configuration, users have the option to choose Amazon S3 as their backup repository. Amazon S3, a widely-used object ...
    • Troubleshooting: Unable to Establish Connection to Object Storage Repository

      KB ID: 190016 Issue: You encounter an error when attempting to add an Object Storage Repository (such as Amazon S3, S3 Compatible, or Azure Blob). This issue arises due to various reasons related to connectivity and configuration. Causes: This error ...