How to set retention time using create-bucket API

Question

The following link shows that I can enable object-locking during AWS create-bucket API commands:

https://awscli.amazonaws.com/v2/documentation/api/2.0.34/reference/s3api/create-bucket.html

But, where can I specify the retention time value?

Second, is there a way to only turn on retention without the versioning OR to set a retention value on an object during a create?  I looked at put-objects and only see the expires field.  I dont want the object store to remove the object when it hits the date...only ensure no one can delete it until that date.  I dont really have support for versioning so this would be a better option.

Answer

You need to use the separate [put-object-lock-configuration command](https://awscli.amazonaws.com/v2/documentation/api/2.0.34/reference/s3api/put-object-lock-configuration.html) for that.

As to versioning, no, [versioning is required to use object lock](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-configure.html).  You can set a retention value for an object during it's [initial PUT](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#AmazonS3-PutObject-request-header-ObjectLockRetainUntilDate).  In the CLI this would be [--object-lock-retain-until-date](https://awscli.amazonaws.com/v2/documentation/api/2.0.34/reference/s3api/put-object.html).

Keep in mind, with Object Lock, it does not prevent a delete command upon an object, but upon an object version.  If you delete an object in an Object Lock bucket, a delete marker will be created.  The actual object version that is protected by Object Lock will remain, can be restored or accessed directly using it's object version ID, and you will not be able to delete that object version.

As you can see, object versioning is critical to the use of Object Lock and will need be enabled to make use of the feature.

How to set retention time using create-bucket API

関連するコンテンツ