S3 object lock on existing S3 objects?

To configure object lock on existing objects present in S3 bucket, below two steps are to be followed:

1. The bucket should have object lock enabled. You can turn on Object Lock for an existing bucket from the "Properties" section of S3 bucket : https://aws.amazon.com/about-aws/whats-new/2023/11/amazon-s3-enabling-object-lock-buckets/
2. Then, perform S3 batch operation to set the retention period for your existing objects. For this, you may first create S3 inventory report (which will contain the list of all the objects) for your S3 bucket and then perform S3 batch operation for setting Object Lock retention to apply retention dates (in either Governance or Compliance mode) on your existing objects.

Reference for S3 Inventory

Reference for S3 Batch operations and retention modes

You can also follow the guidelines outlined in this blog below to use S3 batch operation to set the retention period for your existing objects after enabling object lock on your bucket:

[+] https://aws.amazon.com/blogs/storage/how-to-manage-retention-periods-in-bulk-using-amazon-s3-batch-operations/

Note: If you use Inventory and S3 batch operations, you will incur additional charges, refer pricing document for additional details.

Hope you find this useful.

Enabling object locking on a bucket does not retroactively lock existing objects in the bucket. Object locking can only be applied to objects that are uploaded or copied to the bucket after object locking is enabled. If you want to apply object locking to existing objects in the bucket, you will need to make a copy of each object and then delete the original object. The copy of the object will have the object lock applied to it.