AWS CLI S3 Set Retention for Objects

In the realm of cloud storage, Amazon S3 (Simple Storage Service) is a widely used and highly scalable solution. One of the important features that Amazon S3 offers is the ability to set retention for objects. Object retention in S3 allows you to protect your data from accidental or malicious deletion for a specified period. This can be crucial for compliance requirements, data governance, and ensuring the long - term integrity of your stored information. The AWS CLI (Command - Line Interface) provides a convenient way to interact with S3 and set object retention policies. In this blog post, we will explore the core concepts, typical usage scenarios, common practices, and best practices related to setting object retention for S3 objects using the AWS CLI.

Table of Contents#

  1. Core Concepts
  2. Typical Usage Scenarios
  3. Common Practice
  4. Best Practices
  5. Conclusion
  6. FAQ
  7. References

Article#

Core Concepts#

Object Retention in S3#

Object retention in Amazon S3 enables you to specify a period during which an object cannot be overwritten or deleted. There are two types of object retention in S3:

  • Governance mode: In governance mode, users with appropriate permissions can override the retention settings. This mode is useful when you want to allow authorized personnel to modify the retention period in certain circumstances, such as for regulatory investigations.
  • Compliance mode: In compliance mode, no one, including the root user, can override the retention settings until the retention period expires. This mode is suitable for scenarios where strict data protection is required, such as financial or healthcare data.

Retention Period#

The retention period is specified as a date (in the format YYYY - MM - DD) or a duration in days. Once the retention period is set, the object cannot be deleted or overwritten until the period has elapsed.

Typical Usage Scenarios#

Regulatory Compliance#

Many industries are subject to strict regulatory requirements regarding data retention. For example, the financial industry may be required to retain transaction records for a certain number of years. By setting object retention in S3 using the AWS CLI, companies can ensure that they meet these regulatory obligations.

Data Governance#

In large organizations, data governance is crucial to ensure the integrity and availability of data. Setting retention policies helps in managing data lifecycle, preventing accidental deletion of important data, and maintaining a consistent data management strategy across the organization.

Long - term Data Preservation#

For research institutions or historical archives, long - term data preservation is essential. S3 object retention allows these organizations to store data securely for extended periods without the risk of accidental deletion.

Common Practice#

Prerequisites#

Before setting object retention using the AWS CLI, you need to have the following:

  • An AWS account with appropriate permissions to manage S3 objects.
  • AWS CLI installed and configured on your local machine.

Setting Object Retention#

To set object retention for an S3 object using the AWS CLI, you can use the put-object-retention command. Here is an example:

aws s3api put-object-retention \
    --bucket my-bucket \
    --key my-object-key \
    --retention '{"Mode": "GOVERNANCE", "RetainUntilDate": "2025-12-31"}'

In this example, we are setting the object retention for an object with the key my-object-key in the bucket my - bucket in governance mode until December 31, 2025.

Verifying Object Retention#

You can verify the object retention settings using the get-object-retention command:

aws s3api get-object-retention \
    --bucket my-bucket \
    --key my-object-key

Best Practices#

Regular Auditing#

Regularly audit your S3 object retention policies to ensure that they are up - to - date and in line with regulatory requirements and business needs. You can use AWS CloudTrail to monitor changes to object retention settings.

Use Appropriate Modes#

Choose the appropriate retention mode (governance or compliance) based on your specific requirements. If strict data protection is needed, use compliance mode. If you need some flexibility, use governance mode.

Document Your Policies#

Document your object retention policies clearly, including the reasons for setting the policies, the retention periods, and the individuals or teams responsible for managing the policies. This will help in maintaining transparency and ensuring that all stakeholders are aware of the data management strategy.

Conclusion#

Setting object retention for S3 objects using the AWS CLI is a powerful feature that provides enhanced data protection and helps in meeting regulatory and business requirements. By understanding the core concepts, typical usage scenarios, common practices, and best practices, software engineers can effectively manage object retention in Amazon S3. This not only ensures the integrity and availability of data but also simplifies the data governance process.

FAQ#

Q1: Can I change the retention period after it has been set?#

Yes, if the object is in governance mode, users with appropriate permissions can change the retention period. However, if the object is in compliance mode, the retention period cannot be changed until it has expired.

Q2: What happens if I try to delete an object within the retention period?#

If you try to delete an object within the retention period, the deletion request will be denied. You will receive an error message indicating that the object is under retention.

Q3: Can I set retention for multiple objects at once?#

The AWS CLI commands operate on a single object at a time. However, you can write scripts to loop through multiple objects and set retention for each one.

References#

2025-10