S3 Object Lock Flashcards
What does S3 Object Lock do AND Why is it useful?
- Protects Objects in S3 from being OVERWRITTEN or DELETED for either a fixed OR an indefinite amount of time.
- Creates storage using the Write Once Read Many (WORM) Model. It is good for regulatory requirements.
What is the Storage Model associated with S3 Object Lock?
Write Once Read Many
{W.O.R.M.}
What does WORM stand for?
Write Once Read Many
{A compliant form of Storage}
What are the TWO modes of S3 Object Lock? AND What is the main difference between the two?
Governance Mode and Compliance Mode
- Governance Mode: you CANNOT overwrite or delete an Object version or alter its lock settings unless you have SPECIAL PERMISSIONS.
- Compliance Mode: NO user, not even the ROOT USER, can overwrite or delete an object or update its lock settings.
Define and Compare
Retention Period vs. Legal Hold
Retention Period: a fixed amount of time
Legal Hold: can be freely placed or removed by anyone with the ‘s3:PutObjectLegalHold’ permission.
Both protect an object version from being overwritten/deleted.
What is S3 Glacier Vault Lock?
S3 Object Lock for Vaults in Glacier.
Easily deploy and enforce compliance controls for S3 Glacier Vaults with a Vault Lock Policy.
Specify Controls (like WORM) in a vault lock policy and lock the policy from future edits.
What is the best way to put an object lock on all objects in an S3 bucket?
S3 Object Locks can be configured to be bucket-wide.
One Object Lock at the Bucket Level.
S3 Glacier Vault Lock: once the policy is initially locked, can it be changed?
NO