Configuration of Object Storage Repository with Immutability in Amazon S3
KB ID: 190021
Objective:
This guide provides step-by-step instructions for configuring an Object Storage Repository with Immutability in Amazon S3 by enabling Object Locking on a bucket. Immutability ensures that objects within the bucket cannot be deleted or altered within a specified retention period.
Prerequisites:
- AWS account with the necessary permissions.
- Access to the AWS S3 console or AWS Command Line Interface (CLI).
Steps:
1. Enable Versioning:
- Open the AWS S3 console or use the AWS CLI.
- Navigate to the desired S3 bucket.
- Select the "Properties" tab.
- Under "Advanced settings," enable versioning.
2. Enable Object Locking:In the S3 console or using the AWS CLI:
- Navigate to the bucket properties.
- Under "Object Lock," enable Object Locking.
- Choose the desired retention settings or leave it unset for manual configuration.
3. Do Not Configure Default Retention Modes:When enabling Object Locking, ensure that no default retention modes are configured unless specific retention requirements exist.4. Create an S3 Bucket:If the bucket does not exist:
- In the AWS S3 console, click "Create bucket."
- Follow the prompts to configure the bucket, enabling versioning and Object Locking.
5. Additional Required Permissions:Grant the following IAM permissions to the user or role interacting with the S3 bucket:
- s3:GetBucketObjectLockConfiguration
- s3:GetObjectLegalHold
- s3:GetObjectRetention
- s3:PutBucketObjectLockConfiguration
- s3:PutObjectRetention
6. Reference Documentation:For detailed information, refer to the official AWS documentation on Amazon S3 Object Lock ConfigurationNote: Enable Object Locking for an Existing Bucket:- If the bucket already exists and Object Locking needs to be enabled:- Follow steps 1 and 2 for the existing bucket without creating a new one.- Adjust permissions and refer to the AWS documentation for any additional considerations.
Conclusion:
Following these steps ensures the successful configuration of an Object Storage Repository with Immutability in Amazon S3 by enabling Object Locking on the specified bucket. It is crucial to review and understand the AWS documentation for any updates or additional features related to Object Locking.
Related Articles
Configuring Immutable Storage with Object Storage Repository
KB ID: 190027 Objective: This KB article provides step-by-step guidance on configuring an Object Storage Repository as Immutable Storage in Amazon S3 and S3-compatible clouds. This involves enabling Object Locking and implementing the required IAM ...Configuring Object Storage Repository as Immutable Storage
KB ID: 190026 Overview: Configuring an Object Storage Repository as Immutable Storage requires specific permissions to be granted. This article delineates the essential permissions and presents the JSON format of an IAM user policy necessary for ...Troubleshooting: Unable to Establish Connection to Object Storage Repository
KB ID: 190016 Issue: You encounter an error when attempting to add an Object Storage Repository (such as Amazon S3, S3 Compatible, or Azure Blob). This issue arises due to various reasons related to connectivity and configuration. Causes: This error ...Restore operation failed due to the inability to retrieve data from the Object Storage Repository.
KB ID: 190017 Cause: This problem arises when the BDR Backup Server or Offsite DR Server encounters difficulty in accessing data from the designated Object Storage Repository. This can be attributed to one of the following factors: 1. Connectivity ...Error Encountered During Backup Data Upload to Object Storage Repository
KB ID: 190018 Cause: This error arises when there is a problem uploading backup data from the local cache to the object storage. It can be attributed to one of the following factors: 1. Connectivity issues between the BDR Backup Server/Offsite DR ...