A financial institute is storing all its critical documents in the Amazon S3 bucket which has versioning enabled.
The retention period is applied to documents using object lock, but you are observing some objects are getting overwritten.
Which of the following could be a possible reason?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - B.
Object Lock is applied to a specific version of an object.
So, if there are multiple versions of an object, users can overwrite objects which do not have an object lock applied to them.
Option A is incorrect as Both Retention period & Legal Hold is not required for an object lock.
Option C is incorrect as Object locks are not applied at bucket level but specific versions of objects.
Option D is incorrect as Object Lock is applied to specific versions of an object & not necessary to all versions of an object.
For more information on Amazon S3 Object Locks, refer to the following URL-
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.htmlThe correct answer is A. Object should have both retention period and legal hold to prevent from overwriting.
Explanation:
Amazon S3 versioning helps to protect the stored objects in the bucket from accidental deletion or overwrite. When versioning is enabled, all the objects uploaded to the bucket will have a unique version ID. This way, users can retrieve any version of the object from the bucket.
Object Lock is a feature in Amazon S3 that allows users to lock the objects in the bucket to prevent them from being deleted or overwritten. Object Lock provides two ways to lock the objects: Governance mode and Compliance mode.
In Governance mode, the user can set a retention period for the object, and during that period, the object cannot be deleted or overwritten. However, once the retention period is over, the object can be deleted or overwritten.
In Compliance mode, the user can apply legal hold to the object, which will prevent it from being deleted or overwritten indefinitely, until the hold is removed.
The possible reason why some objects are getting overwritten even though the retention period is applied is that the objects might not have legal hold applied to them. In Governance mode, the retention period only prevents the object from being deleted or overwritten during that period. Once the retention period is over, the object can be deleted or overwritten. Therefore, to prevent the object from being overwritten, legal hold needs to be applied to the object.
Option B is incorrect because Object locks apply to a specific version of an object in a versioned bucket. This means that when the object is locked, only that version of the object is locked, and other versions of the same object can be overwritten.
Option C is incorrect because Object lock should be applied at the object level, not at the bucket level. Applying object lock at the bucket level would lock all the objects in the bucket, which might not be necessary.
Option D is incorrect because Object locks need to apply to a specific version of the object, not all versions of the object.