How can I retrieve an Amazon S3 object that was deleted in a versioning-enabled bucket?

6 minute read
0

I want to retrieve an object that was deleted from my Amazon Simple Storage Service (Amazon S3) bucket that has versioning turned on.

Short description

When you delete an object from a version-enabled bucket, Amazon S3 creates a delete marker for the object. The delete marker becomes the current version of the object, and the object becomes the previous version. With a delete marker, Amazon S3 responds to requests for the object as though the object was deleted. For example, if you send a GET request for the object, then Amazon S3 returns an error.

To retrieve an object that was deleted from a version-enabled bucket, complete one of the following tasks:

  • Download the previous version of the object: To download the previous version of the object, you must have s3:GetObjectVersion permissions.
  • Remove the delete marker: After you remove the delete marker, the original object becomes the current version of the object. To remove the delete marker, you must have s3:DeleteObjectVersion permissions. Also, you must use the AWS account that owns or created the bucket to remove the delete marker
    Note: If the bucket has MFA delete configured, then you must use the designated multi-factor authentication (MFA) to remove the delete marker.

Resolution

Important: You can't recover data that you permanently delete and remove from a bucket.

To restore the previous version of the object, complete the following tasks. In each command, replace DOC-EXAMPLE-BUCKET with the name of your bucket.

Use the Amazon S3 console to download the previous version of the object

To use the Amazon S3 console to download the previous version of the object, complete the following steps:

  1. Open the Amazon S3 console.
  2. From the list of buckets, open the bucket of the deleted object.
  3. Navigate to the folder of the deleted object.
  4. Turn on Show versions.
  5. In the search bar, enter the name of the deleted object.
  6. Select the previous version of the object. Don't select the delete marker.
  7. Choose Actions, and then choose Download.

Use the AWS CLI to download the previous version of the object

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

To use the AWS CLI to download the previous version of the object, complete the following steps:

  1. Run the list-object-versions command on the bucket:
    aws s3api list-object-versions --bucket DOC-EXAMPLE-BUCKET --prefix examplefolder/
    Note: The preceding example command includes the --prefix option to filter the results to the specified key name prefix. This option helps reduce the number of results and saves time when your bucket contains a large number of object versions.
  2. From the command output, copy the version ID of the previous version of the object.
  3. Run the get-object command for the version ID:
    aws s3api get-object --bucket DOC-EXAMPLE-BUCKET --key example.txt --version-id example.d6tjAKF1iObKbEnNQkIMPjj filename.txt

Use the Amazon S3 console to remove the delete marker

To use the Amazon S3 console to remove the delete marker, complete the following steps:

  1. From the account that owns the bucket of the deleted object, open the Amazon S3 console.
  2. From the list of buckets, open the bucket of the deleted object.
  3. Navigate to the folder of the deleted object.
  4. Turn on Show versions.
  5. In the search bar, enter the name of the deleted object.
  6. Select the delete marker of the object.
    Important: Make sure that you selected the delete marker. If you delete an object version, then you can't retrieve the object.
  7. Choose Delete.
  8. In the Delete objects page, confirm that the correct delete marker is listed. Then, enter permanently delete to confirm deletion.
  9. Choose Delete objects.
    Important: You can't use the Amazon S3 console to undelete folders. Instead, you must use the AWS CLI or the AWS SDK.

Use the AWS CLI to remove the delete marker

You can use the AWS CLI to remove the delete marker on several objects, thousands of objects, or millions of objects.

Remove the delete marker on several objects

To remove the delete marker on several objects, complete the following steps:

  1. Run the list-object-versions command with the following --query parameter:

    aws s3api list-object-versions --bucket DOC-EXAMPLE-BUCKET --prefix examplefolder/ --query 'DeleteMarkers[?IsLatest==`true`]'

    Note: The preceding example command includes the --prefix option and filters the results to the specified key name prefix.

  2. From the command output, copy the version ID of the delete marker.
    Important: Make sure that you copied the version ID of the delete marker. If you delete an object version, then you can't retrieve the object.

  3. Run the delete-object command for the version ID:

    aws s3api delete-object --bucket DOC-EXAMPLE-BUCKET --key example.txt --version-id 'example.d6tjAKF1iObKbEnNQkIMPjj'
  4. To verify that the delete marker was removed, run the ls command:

    aws s3 ls s3://DOC-EXAMPLE-BUCKET

Remove the delete marker on thousands of objects

To remove the delete marker on thousands of objects, complete the following steps:

  1. Open the AWS CloudShell console.
  2. Run the list-object-versions command:
    aws s3api list-object-versions --bucket DOC-EXAMPLE-BUCKET --prefix examplefolder/ --output json --query 'DeleteMarkers[?IsLatest==`true`].[Key, VersionId]' | jq -r '.[] | "--key " + "'\\\"'" + .[0] + "'\\\"'" + " --version-id " + .[1]' | xargs -L1 -t aws s3api delete-object --bucket DOC-EXAMPLE-BUCKET

Note: The preceding example command uses the jq tool from the GitHub website to parse the ListObjectVersions response for current version DeleteMarkers. By default, jq is installed on AWS CloudShell. If you don't interact with the shell environment, then your shell session ends.

Remove the delete marker on millions of objects

To remove the delete marker on millions of objects in a bucket, use a custom script with the AWS SDK. For more information, see the Using the AWS SDKs section of Removing delete markers to make an older version current.

Note: A LIST call that you perform on a bucket that has millions of objects can be expensive and cause a timeout.

AWS OFFICIAL
AWS OFFICIALUpdated 2 months ago
2 Comments

The final example command under "Remove the delete marker on thousands of objects" will fail if any of the file names contain an apostrophe (') char.

replied 6 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 6 months ago