S3 Object Lock

HCP supports S3 Object Lock, which enables you to store objects using a write-once-read-many (WORM) model. It helps prevent objects from being deleted or overwritten for a specified period. HCP helps you meet regulatory requirements and provides protection against accidental deletion of objects.

HCP supports the following S3 Object Lock features:

Retention modes: You can choose one of these retention modes for any object version protected by S3 Object Lock.
  • Governance mode: Prevents you from overwriting or deleting an object version. It helps protect objects against accidental deletions. However, users with privileged access can change the retention settings or delete the objects.
  • Compliance mode: Prevents you from overwriting or deleting an object version for the duration of the retention period. When an object is locked in compliance mode, you can extend the retention period, but you can’t shorten it.

Retention period: You can protect an object version for a fixed amount of time by specifying a retention period. After the retention period expires, you can overwrite or delete the object version unless it has a legal hold. You can set a retention period on an object version either explicitly or through a namespace default setting. HCP stores the retention date settings in the object version’s metadata and protects it until the retention period expires.

Legal hold: You can use S3 Object Lock to place a legal hold on an object version. This prevents the object version from being overwritten or deleted, just as a retention period does. However, a legal hold doesn’t have an expiration date and remains in effect until removed. Only a privileged user with sufficient permissions can place and remove legal holds. If S3 Object Lock is enabled for a namespace, you can place and remove legal holds regardless of whether the object version has a retention period.
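
The rules above can be modelled as a small decision function, which helps when auditing which locked versions would still be deletable by a privileged account. This is an added example, not HCP code: the `VersionLock` type, the function names and the sample inventory are hypothetical and constructed here. It assumes that extending a retention period is also allowed in governance mode and that a legal hold blocks deletes, including privileged ones, until it is removed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class VersionLock:
    """Lock state of one object version (hypothetical model, not an HCP type)."""
    key: str
    mode: Optional[str] = None               # "GOVERNANCE", "COMPLIANCE" or None
    retain_until: Optional[datetime] = None
    legal_hold: bool = False

def retention_active(lock, now):
    return bool(lock.mode and lock.retain_until and now < lock.retain_until)

def can_delete(lock, now, privileged=False):
    """Return (allowed, reason) for deleting or overwriting this version."""
    if lock.legal_hold:                       # no expiry; applies with or without retention
        return False, "legal hold"
    if not retention_active(lock, now):
        return True, "no active retention"
    if lock.mode == "GOVERNANCE" and privileged:
        return True, "governance retention, privileged user"
    return False, lock.mode.lower() + " retention"

def can_change_retention(lock, new_until, now, privileged=False):
    """True if the retain-until date may be set to new_until."""
    if not retention_active(lock, now) or new_until >= lock.retain_until:
        return True    # assumption: extending is allowed in governance mode too
    return lock.mode == "GOVERNANCE" and privileged   # shortening an active period

def exposed_to_privileged(locks, now):
    """Keys a normal user cannot delete but a privileged user can."""
    return [v.key for v in locks
            if not can_delete(v, now)[0] and can_delete(v, now, privileged=True)[0]]

# Constructed sample inventory (not real data)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
LATER = datetime(2025, 6, 1, tzinfo=timezone.utc)
PAST = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    VersionLock("audit.log", "COMPLIANCE", LATER),
    VersionLock("backup.tar", "GOVERNANCE", LATER),
    VersionLock("held.pdf", "GOVERNANCE", LATER, legal_hold=True),
    VersionLock("old.csv", "COMPLIANCE", PAST),
    VersionLock("case.eml", legal_hold=True),
]

if __name__ == "__main__":
    for lock in SAMPLE:
        print(lock.key, can_delete(lock, NOW), can_delete(lock, NOW, privileged=True))
    print("privileged-deletable:", exposed_to_privileged(SAMPLE, NOW))
```

Only `backup.tar` is reported as deletable by a privileged user: versions that must survive a compromised privileged account need compliance mode or a legal hold.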