1 Answer
- Newest
- Most votes
- Most comments
0
- In compliance mode, a protected object version can't be overwritten or deleted by any user including the root user in your AWS account.
- In governance mode, users can't overwrite or delete an object version or alter its lock settings unless they have special permissions. If you try to delete objects protected by governance mode and have s3:BypassGovernanceRetention or s3:GetBucketObjectLockConfiguration permissions, the operation will succeed.
AWS engineers do not have access to Customer's data due to strict AWS Privacy and Security policies https://aws.amazon.com/compliance/data-privacy-faq/ and hence cannot be altered from AWS end.
Once the objects are locked under compliance mode compliance mode the minimum retention period must be met before any changes are to be made.
Relevant content
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago