Object Lock

In this guide we will go through what you need to do to get started with Object Lock.

Prerequisites

To get started with the CLI, you will need to install the AWS CLI or another CLI tool that works with the S3 API. We have a guide to getting started with object storage here: https://support.binero.com/knowledge-base/binero-objektlagring/

Getting started

To use object lock, we first need to create a bucket with it enabled. We do this with the following command:

$ aws --endpoint=https://object-eu-se-1a.binero.cloud s3api create-bucket --bucket binero-test-lock --create-bucket-configuration LocationConstraint=europe-se-1:gp.recurring --object-lock-enabled-for-bucket

After that, we can activate object lock on it and choose the type of retention:

$ aws --endpoint=https://object-eu-se-1a.binero.cloud s3api put-object-lock-configuration --bucket binero-test-lock --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "COMPLIANCE", "Days": 1 }}}'

Here we set Mode to COMPLIANCE. This means that the protected object cannot be overwritten or deleted by any user, it is not possible to change this afterwards, and you cannot shorten the period. We set the period to 1 day, which means that the object can only be deleted or overwritten 1 day after the time it was created.

If we now copy a file to the new bucket we created

$ aws s3 --endpoint=https://object-eu-se-1a.binero.cloud cp test.txt s3://binero-test-lock/test.txt
upload: ./test.txt to s3://binero-test-lock/test.txt

we can list all versions of the object (version control is activated when a bucket is created with object lock):

$ aws s3api --endpoint=https://object-eu-se-1a.binero.cloud list-object-versions --bucket binero-test-lock

{
    "Versions": [
        {
            "ETag": "\"d41d8cd98f00b204e9800998ecf8427e\"",
            "Size": 0,
            "StorageClass": "STANDARD",
            "Key": "test.txt",
            "VersionId": "LYw1h2UTZX3SX5eh736V72T2.Ewca5l",
            "IsLatest": true,
            "LastModified": "2021-03-15T10:33:20.407000+00:00",
            "Owner": {
                "DisplayName": "5000000",
                "ID": "e159548115134f84b850038459bc600c$e159548115134f84b850038459bc600c"
            }
        }
    ]
}

If you delete the file by running e.g.

$ aws s3api --endpoint=https://object-eu-se-1a.binero.cloud delete-object --bucket binero-test-lock --key "test.txt"
{
 "DeleteMarker": true,
 "VersionId": "Nqf2LuW16O8U9bQcqaxnEGIMfXvUjgX"
}

it is marked as deleted because version control is activated. However, if you try to delete the object version itself

$ aws --endpoint=https://object-eu-se-1a.binero.cloud s3api delete-object --bucket binero-test-lock --key test.txt --version-id LYw1h2UTZX3SX5eh736V72T2.Ewca5l
An error occurred (AccessDenied) when calling the DeleteObject operation: Unknown

then you get an error message as it is not possible to delete the file before the time we have set expires.
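The lock state shown in the steps above can be checked without attempting a delete. The following is an added example, not part of the original guide or Binero's tooling: it takes list-object-versions output and the bucket's default retention rule and reports which versions are still locked and which are only hidden behind a delete marker. It assumes every version carries only the bucket default retention counted from LastModified; the function name and the delete marker timestamp are constructed for the example.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: the listing from the guide as it would look after the
# delete-object call (the delete marker timestamp is made up for the example).
LISTING = json.loads("""
{
  "Versions": [
    {"Key": "test.txt", "VersionId": "LYw1h2UTZX3SX5eh736V72T2.Ewca5l",
     "IsLatest": false, "LastModified": "2021-03-15T10:33:20.407000+00:00"}
  ],
  "DeleteMarkers": [
    {"Key": "test.txt", "VersionId": "Nqf2LuW16O8U9bQcqaxnEGIMfXvUjgX",
     "IsLatest": true, "LastModified": "2021-03-15T10:40:00+00:00"}
  ]
}
""")

# The rule passed to put-object-lock-configuration in the guide.
LOCK_CONFIG = {"ObjectLockEnabled": "Enabled",
               "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 1}}}


def retention_report(listing, lock_config, now):
    """Return one dict per data version with its computed lock state at `now`.

    Assumes each version only carries the bucket default retention (no
    per-object retention or legal hold), counted from LastModified.
    """
    rule = lock_config["Rule"]["DefaultRetention"]
    period = timedelta(days=rule["Days"])  # this example handles Days only
    # Keys whose newest entry is a delete marker look deleted in a plain listing.
    hidden = {m["Key"] for m in listing.get("DeleteMarkers", []) if m["IsLatest"]}
    report = []
    for v in listing.get("Versions", []):
        until = datetime.fromisoformat(v["LastModified"]) + period
        report.append({
            "key": v["Key"],
            "version_id": v["VersionId"],
            "mode": rule["Mode"],
            "retain_until": until,
            "locked": now < until,
            "hidden_by_delete_marker": v["Key"] in hidden,
        })
    return report


if __name__ == "__main__":
    for row in retention_report(LISTING, LOCK_CONFIG, datetime.now().astimezone()):
        print(row)
```

To run it against a real bucket, replace LISTING with the JSON printed by the list-object-versions command used earlier in this guide.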

Updated on 2021-04-07
