Wasabi Object Lock

Wasabi Object Lock is a feature that prohibits modification or deletion of specific object versions during a configured retention period.  Object Lock is a method that can be used to achieve WORM or a form of airgapped storage.  The retention policy can be specified on each object placed into a bucket. Additionally, bucket level settings can be applied so that new objects placed in a bucket will have the default settings applied. Versioning is required to be enabled on a bucket with Object Lock enabled.

There are two modes of Object Lock:

Governance Mode will lock the object for the configured retention policy, however, the root user or any user with the IAM permission “s3:BypassGovernanceRetention” can bypass the retention policy and modify or delete files.

Compliance Mode will lock the object for the configured retention policy, and no user can modify or delete the object, until that retention policy has passed.

Legal Hold

Legal hold is an additional locking mechanism that can be placed on an object in an Object Lock enabled bucket. A legal hold will prevent the modification or deletion of an object indefinitely until the legal hold has been removed. A legal hold overrides both Governance Mode, and Compliance Mode retention policies, however, it does not remove them. After removing the legal hold, the existing Governance Mode, or Compliance Mode retention policy will still be in effect.

Enabling Object Lock

Object Lock must be enabled on a bucket before you can use the Object Lock functionality. Enabling Object Lock can only be done during bucket creation. Therefore, you are unable to enable Object Lock on existing buckets of data.

Creating a bucket that has Object Lock enabled will automatically disable the use of Wasabi Bucket Lock (Wasabi Compliance).

How to create an Object Lock enabled bucket?

Bucket Level Defaults Configuration

Bucket level configuration for Object Lock allows you to automatically configure a Retention Mode and Retention Time in days, or years for new objects placed into a bucket. This configuration is disabled by default and is optional. Configuring Object Lock on a bucket does not affect objects which are already in a bucket. When an object is uploaded without any Object Lock configuration, the object will have the Bucket Level Defaults applied to it. Changing or disabling Object Lock default settings on the bucket, will not affect any existing objects in a bucket.

Using Bucket Level Default Settings for Object Lock

Viewing Object Lock Status on a File

How to verify your objects are locked with Wasabi Object Lock?

Determining Wasabi Object Lock vs Wasabi Compliance

How can I tell if a bucket is using Wasabi Object Lock or Wasabi Compliance?

Wasabi Ball Support

Can I use Wasabi Ball with Object Lock?

 

Third-Party Integrations

 

Have more questions? Submit a request